For as much attention as the problem of DDoS attacks has garnered in the past few years, if it’s a subject you don’t keep yourself informed on, getting up to speed on it can feel a lot like cleaning out the big hall closet you’ve been throwing random junk in since you moved into your house. Where do you even begin? If you’ve ever actually tried to do either you probably know the answer is you don’t begin, you drink a glass of wine instead and tell yourself you’ll deal with it next week. Repeat as needed.

This is it, though. Either put down the wine or pour a bigger glass because you’re about to get up to speed – this is what you need to know about DDoS attacks right now.

A trustworthy source

If you’re going to take advice on something as important as the current state of distributed denial of service or DDoS attacks, take it from the folks who eat, sleep and breathe DDoS protection. Imperva Incapsula was recently named a Leader in the Forrester Wave: DDoS Mitigation Solutions Q4 2017 report, taking top marks in the Current Offering and Strategy categories.

As you might expect of an industry leader, they put together comprehensive quarterly reports on the DDoS landscape that zero in on the threats affecting the internet, like the following four DDoS trends.

Troubling trend #1: the pros are back

For a few years it was the short-burst, low-volume attacks that were the hallmark of DDoS-for-hire services ruling the distributed denial of service landscape, but by the time 2017 came to a close, it was clear the picture had changed. Professional attackers are back in the game, and they’re back in a big way.

According to Imperva Incapsula’s Q3 2017 threat report, 40.5% of network-layer assaults in the third quarter of last year were multi-vector. This is an increase of 11.5% from the first quarter. The sophistication level of attacks rising is bad news for any unprotected website that gets targeted, because in the third quarter, a stunning 75.8% of websites that had an attack attempted were targeted more than once, and 45 of Incapsula’s clients were actually targeted more than 50 times.

Professional DDoS attackers are the hitmen of the internet, and websites are getting whacked.

Troubling trend #2: the old dogs learned new tricks

Many professional DDoS attackers may have been in the game for years, but that doesn’t mean they aren’t continually coming up with new ways to sink a three-pointer.

Towards the middle of 2017 Imperva Incapsula noticed a new attack type. They dubbed it the pulse wave attack, and in it attackers use one botnet to smash one target right after another with a fast blast of enough malicious traffic to immediately clog the network. The blast drops off only for another blast to follow a few minutes later, clogging the network all over again.

By using a single botnet to hit one target after another, attackers eliminate the ramp-up period that typically begins a DDoS attack which makes it hard for all but the best of the best mitigation solutions and services to prevent downtime.

Imperva Incapsula speculates that these attacks were specifically designed to target appliance-first cloud hybrid protection solutions. With the network clogged, the appliance cannot activate the cloud scrubbing server, which allows the attack to succeed and keep succeeding with every blast. According to what Incapsula has witnessed, these attacks have largely been aimed at targets in very competitive industries such as online gaming and fintech.

Troubling trend #3: high packet rate attacks on the rise

Attacks aren’t just getting craftier, they’re also getting burlier. In the first quarter of 2017 Incapsula had to deal with six attacks with packet forwarding rates in excess of 100 Mpps, and in quarter three they handled 144 with the highest rated attack of the quarter topping out at 238 Mpps.

This is a big deal for anyone in the market for a mitigation service. It is imperative you inquire about the processing capacity of a prospective service’s scrubbing server. If it’s not up over 500 Mpps, keep shopping, because these high packet rates are only going to keep rising.

Troubling trend #4: cryptocurrency is so hot right now

If you thought you were going to make it through this without a mention of Bitcoin and its ilk then, well, think again. In Q3 2017 Bitcoin vaulted itself into the top 10 most attacked industries as observed by Imperva Incapsula, joining stalwarts like gambling, gaming, fintech and retail.

While this is obviously a concern for the people in charge of running cryptocurrency exchanges, it’s no small factor for cryptocurrency investors either. Attacks often coincide with a surge in a cryptocurrency’s value because attackers sell their cryptocurrency at the high value and then launch attacks that drag down trade numbers and corresponding cryptocurrency value so they can rebuy the cryptocurrency at a lower price. If you’re not prepared to play the DDoS trading game right along with attackers, you might find yourself losing out.

Crash course completed

There’s a reason they’re called crash courses and it’s because often when you complete one you feel as though you’ve hit a brick wall going full tilt. Getting up to speed on a subject like distributed denial of service attacks isn’t an entirely fun experience, but it is a necessary one, so it’s always nice to have expert guidance. Not to mention that glass of wine.

Tobias Matthews

Tobias Matthews


Writer at Fourth Source.