Welcome!

News Feed Item

Mobile Applications Being Used for DDoS Attacks According to Prolexic's Latest Quarterly Report

FORT LAUDERDALE, Florida, Jan. 14, 2014 /PRNewswire/ -- Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) protection services, today reported that mobile applications are being used in DDoS attacks against enterprise customers. This is one of many key findings found in the company's Q4 2013 Global DDoS Attack Report, which was published today and can be downloaded from prolexic.com/attackreports.

(Logo: http://photos.prnewswire.com/prnh/20140114/FL45657LOGO)

"The prevalence of mobile devices and the widespread availability of downloadable apps that can be used for DDoS is a game changer," said Stuart Scholly, president of Prolexic. "Malicious actors now carry a powerful attack tool in the palm of their hands, which requires minimal skill to use. Because it is so easy for mobile device users to opt-in to DDoS attack campaigns, we expect to see a considerable increase in the use of these attack tools in 2014."

Data gathered in Q4 from attacks against Prolexic's global client base shows that mobile devices participated in a DDoS attack campaign against a global financial services firm. Digital forensics and attack signature analysis conducted by the Prolexic Security Engineering and Response Team (PLXsert) detected the use of AnDOSid, an Android operating system tool that performs an HTTP POST flood attack.

"Mobile devices add another layer of complexity," explained Scholly. "Because mobile networks use super proxies, you cannot simply use a hardware appliance to block source IP addresses as it will also block legitimate traffic. Effective DDoS mitigation requires an additional level of fingerprinting and human expertise so specific blocking signatures can be developed on-the-fly and applied in real-time."

Prolexic believes that developers of applications commonly used in DDoS attacks like Low Orbit Ion Canon (LOIC) will increasingly port them to mobile platforms in 2014. "Traditionally, some type of infection or malware was required," said Scholly. "With mobile apps, malicious actors can choose to proactively participate in orchestrated DDoS attack campaigns. When you consider how many mobiles device users there are in the world, this presents a significant DDoS threat."

Prolexic's latest DDoS attack report shows the total number of attacks against its clients in Q4 2013 once again set a new record for one quarter, illustrating the heightened level of DDoS activity throughout 2013. Compared to the same quarter one year ago, total attack volume increased 26 percent. A week-by-week comparison to Q4 2012 shows increases in attack volume across eight of the 12 weeks of the quarter.

Highlights from Prolexic's Q4 2013 Global DDoS Attack Report

Compared to Q4 2012

  • 26.09 percent increase in total DDoS attacks
  • 17.42 percent increase in application layer (Layer 7) attacks
  • 28.97 percent increase in infrastructure layer (Layer 3 & 4) attacks
  • 28.95 percent decrease in average attack duration: 22.88 vs. 32.21 hours

Compared to Q3 2013

  • 1.56 percent increase in total DDoS attacks
  • 0.55 percent increase in application layer (Layer 7) attacks
  • 1.86 percent increase in infrastructure layer (Layer 3 & 4) attacks
  • 7.25 percent increase in average attack duration: 22.88 vs. 21.33 hours
  • 48.04 percent increase in average peak attack bandwidth to 4.53 Gbps
  • 151.21 percent increase in peak packets-per-second rate to 10.60 Mpps

Analysis and emerging trends

The largest DDoS attack Prolexic mitigated in Q4 peaked at 179 Gbps, which is the largest DDoS attack the company has faced to date. Attack sizes continue to grow and this quarter, Prolexic mitigated several attacks over 100 Gbps.

As in previous quarters, malicious actors continued to favor launching Layer 3 and Layer 4 attacks targeting infrastructure elements. Infrastructure attacks accounted for 76.76 percent of total attacks during the quarter with application layer attacks making up the remaining 23.24 percent. UDP (13.15 percent), UDP fragment (17.11 percent), DNS (9.58 percent), SYN (14.56 percent) and HTTP GET (19.91 percent) floods were the most common attack types directed against Prolexic clients. The CHARGEN protocol, commonly used in reflection attacks, increased 92.31 percent this quarter, illustrating the growing popularity of this attack type.

"Looking back over 2013, a number of significant DDoS trends were observed," said Scholly. "These include the emergence of Layer 7 toolkits, the rise in DDoS-for-hire services, the resurrection of amplified Distributed Reflection Denial of Service (DrDoS) attacks as a common and powerful attack vector, as well as the steady rise in the number of DDoS attacks originating from Asian countries."

These trends are discussed in detail in Prolexic's "Q4 2013 Global DDoS Attack Report." A complimentary copy is available as a free PDF download from prolexic.com/attackreports. Prolexic's Q1 2014 report will be released early in the second quarter of 2014.

About Prolexic

Prolexic is the world's largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical Internet-facing infrastructures for global enterprises and government agencies within minutes. Ten of the world's largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming, energy and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world's first in-the-cloud DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida, and has scrubbing centers located in the Americas, Europe and Asia. To learn more about how Prolexic can stop DDoS attacks and protect your business, please visit prolexic.com, follow us on LinkedIn, Facebook, Google+, YouTube, and @Prolexic on Twitter.

Contact:
Michael E. Donner
SVP, Chief Marketing Officer
Prolexic
media {at} prolexic {dot} com
+1-954-620-6017



More Stories By PR Newswire

Copyright © 2007 PR Newswire. All rights reserved. Republication or redistribution of PRNewswire content is expressly prohibited without the prior written consent of PRNewswire. PRNewswire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
SYS-CON Events announced today that Mobile Create USA will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Mobile Create USA Inc. is an MVNO-based business model that uses portable communication devices and cellular-based infrastructure in the development, sales, operation and mobile communications systems incorporating GPS capabi...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Daiya Industry specializes in orthotic support systems and assistive devices with pneumatic artificial muscles in order to contribute to an extended healthy life expectancy. For more information, please visit https://www.daiyak...
SYS-CON Events announced today that Fusic will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Fusic Co. provides mocks as virtual IoT devices. You can customize mocks, and get any amount of data at any time in your test. For more information, visit https://fusic.co.jp/english/.
SYS-CON Events announced today that Keisoku Research Consultant Co. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Keisoku Research Consultant, Co. offers research and consulting in a wide range of civil engineering-related fields from information construction to preservation of cultural properties. For more information, vi...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
SYS-CON Events announced today that Interface Corporation will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Interface Corporation is a company developing, manufacturing and marketing high quality and wide variety of industrial computers and interface modules such as PCIs and PCI express. For more information, visit http://www.i...
Today companies are looking to achieve cloud-first digital agility to reduce time-to-market, optimize utilization of resources, and rapidly deliver disruptive business solutions. However, leveraging the benefits of cloud deployments can be complicated for companies with extensive legacy computing environments. In his session at 21st Cloud Expo, Craig Sproule, founder and CEO of Metavine, will outline the challenges enterprises face in migrating legacy solutions to the cloud. He will also prese...
SYS-CON Events announced today that Enroute Lab will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enroute Lab is an industrial design, research and development company of unmanned robotic vehicle system. For more information, please visit http://elab.co.jp/.
Elon Musk is among the notable industry figures who worries about the power of AI to destroy rather than help society. Mark Zuckerberg, on the other hand, embraces all that is going on. AI is most powerful when deployed across the vast networks being built for Internets of Things in the manufacturing, transportation and logistics, retail, healthcare, government and other sectors. Is AI transforming IoT for the good or the bad? Do we need to worry about its potential destructive power? Or will we...
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...
In his session at @ThingsExpo, Greg Gorman is the Director, IoT Developer Ecosystem, Watson IoT, will provide a short tutorial on Node-RED, a Node.js-based programming tool for wiring together hardware devices, APIs and online services in new and interesting ways. It provides a browser-based editor that makes it easy to wire together flows using a wide range of nodes in the palette that can be deployed to its runtime in a single-click. There is a large library of contributed nodes that help so...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
DevOps at Cloud Expo – being held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real r...