DDoS Attacks Progressively Mimicking APT-Fashioned Assaults - Imperva

According to the Global DDoS Trends Report by Imperva, there's a new development of DDoS (distributed denial-of-service) assaults very much resembling APTs (advanced persistent threats) wherein a few victims are getting attacked over a period of 2 months-or-more.

The study that analyzed over 3,000 assaults during March-May, 2015, discovered intensifying DDoS assaults both in length and frequency. Researchers observed that the attack which lasted the longest remained for 64-days, while they summarized that the more advanced bypassing techniques employed had an increasing scent of APT assaults.

Further, DDoS assaults are now more of a commoditized weapon so a botnet-for-hire deal is available at not even USD20 (EUR17.76) per month. It's now even easier to get such deals by purchasing them online through Bitcoin.

Imperva also found that organizations once successfully targeted were likely to get targeted again. When any application layer would target a company, there was the possibility of a website getting attacked again, on average, a single time after each ten-day period, with over 5 attacks against 17% of the websites, over 10 attacks against 10%, and daily attacks against many websites. The study period covered 72 days.

In this period, among the total network layer assaults, 71% sustained for less than 3-hrs, while more than 20% sustained for more than 5 days.

General Manager Marc Gaffan for Incapsula service at Imperva says there has been a significant increase in the duration, sophistication and frequency of assaults in relation to only some years back. Marketwired.com reported this, June 9, 2015.

According to Gaffan, skilled hackers are leveraging sophisticated assaults which currently mimic APTs. Understandably, this heightened advancement follows attackers' examination of software, which detects and stops DDoS assaults, and thus their enforcement of fresh methods for evading them, he adds.

Moreover, Chief Technology Officer Nimrod Luria at Sentrix, website providing cloud-based security software believes that stagnation persists in the approaches adopted for protecting against DDoS. Help Net Security reported this, June 11, 2015.

Luria concludes that protection against DDoS can best be contextual from comprehension of protected websites as well as the activities which law-abiding end-users are allowed towards conducting on these sites.

» SPAMfighter News - 6/22/2015