Imperva Research Labs Reveals Abnormal Increase in DDoS Attack Length, Despite Popularity of Short Term Attacks
23 Junio 2020 - 8:00AM
Imperva, Inc., the cybersecurity leader championing the fight to
secure data and applications wherever they reside, published its
May 2020 Cyber Threat Index Report, revealing seven major
application DDoS attacks over the previous month — two of which
lasted 5-6 days. Additionally, the team found that 47% of account
takeover (ATO) attacks were aimed at loyalty programs and streaming
services, where bad actors attempted to use stolen credentials to
gain unauthorized access to online accounts to carry out malicious
actions such as data theft, identity fraud or fraudulent e-commerce
transactions.
The monthly report also showed continued signs of site traffic
recovery across various industries following the lift in
shelter-in-place orders, as schools across the world reopened and
employees returned to workplaces. Key findings between May 1 and
May 31, 2020 include:
- Increasing length of application DDoS attacks.
Imperva Research Labs identified seven major application DDoS
attacks over 150,000 requests per second (RPS). Two of the attacks
lasted five and six days consecutively — an unusual occurrence, as
most (70% of those in May) DDoS attacks typically last less than 24
hours. Additionally, while the average DDoS event in April
originated from 300 IPs, these two major events were from 28,000
and 3,000 unique IPs. Additionally: - The most targeted industries
overall were News (38%), Business (25%) and Financial Services
(19%).- Top countries from which DDoS attacks originate are China
(26%), US (15%) and the Philippines (7%).
- ATO attacks are focused at loyalty program cards and
streaming services. Out of the total ATO attacks, 47% were
aimed at loyalty programs and streaming services. In one example,
Imperva Research Labs registered 13.5 million ATO attempts over
three days. Across all ATO attacks, the average attack size per
site was about 100,000 attempts, distributed over 2,000 IPs on
average. This means that each IP sent no more than two requests per
day, classifying as a “low and slow” attack — where a botnet uses
multiple devices, each sending only a handful of requests, to
masquerade its attack with legitimate traffic.
- COVID-19 affects cyber traffic and attack trends, while
recovery continues. As the coronavirus crisis escalated,
Imperva Research Labs previously examined changes in traffic and
attack trends across multiple industries and countries. In May, as
more countries reopened schools and less students were at home,
overall traffic to education sites went down by 20%. Additionally,
with many returning to work and spending more time commuting, the
use of entertainment sites — specifically radio streaming services
— increased by 11% overall.
- Cloud platforms and automated tools are the main source
of attacks against government sites in the United States.
A total of 65% of the attacks against Law and Government sites in
the US originated from cloud platforms using automated tools
written in the Python programming language — a finding aligned with
Imperva’s recent annual report of the most popular tools amongst
hackers.
- Database vulnerabilities spike. Ten new
database vulnerabilities were published in May, and almost half
held a high severity score of greater than seven, with one reaching
a critical score of greater than nine per the Common Vulnerability
Scoring System. Most of the vulnerabilities were published on May
12, 2020 as part of SAP Security Patch Day.
- Overall Cyber Threat Index score remains at a ‘high’
level. Although the number of attacks declined by 28%, the
Cyber Threat Index score went up by 32 points due to more high- and
medium-risk vulnerabilities and an increase in high volume and
longer duration DDoS attacks.
The Cyber Threat Index is a monthly measurement and analysis of
the global cyber threat landscape across data and applications, and
is based on data gathered from Imperva sensors all over the
world—including over 25 petabytes of network traffic passing
through the Imperva CDN per month. With over one trillion total
requests analyzed and 21 billion application attacks blocked, it
offers an unrivaled and comprehensive look at application security
and provides an easy-to-understand score to consistently track
cyber threat levels and observe trends over time. Viewers can dive
deeper into the score and drill down for individual industries and
countries, and also view historic Index scores.
The May 2020 Cyber Threat Index is available at
https://www.imperva.com/cyber-threat-index/
“In May, we were surprised to find two unusually long DDoS
attacks lasting 5-6 days. As methods to carry out DDoS have become
more advanced, leading to increased accessibility to those with no
technical skills, we have historically seen that most attackers
would rather not waste time and resources on achieving their proof
of impact,” said Nadav Avital, head of security research at
Imperva. “For example, in Imperva’s 2019 Global DDoS Threat
Landscape Report, we found that about 29% of attacks lasted 1-6
hours while 26% lasted less than 10 minutes. Longer attacks — such
as the ones conducted in May — suggest they are the work of more
professional bad actors who use their own botnets to carry out
persistent assaults.”
The Cyber Threat Index was created by Imperva Research Labs, a
premier research organization for security analysis, vulnerability
discovery and compliance expertise. The organization provides
round-the-clock research into the latest security vulnerabilities
and is comprised of some of the world’s leading experts in data and
application security.
About ImpervaImperva is an analyst-recognized,
cybersecurity leader on a mission to protect customers’ digital
assets by accurately detecting and effectively blocking incoming
threats, and empowering customers to manage critical risks, so they
do not have to choose between innovating for their customers and
protecting what matters most. At Imperva, we tirelessly defend our
customer’s business as it grows, giving them clarity for today and
confidence for tomorrow. Learn more at www.imperva.com, our blog,
or Twitter.
Media ContactReagan McAfeeOffleash for
Impervaimperva@offleashpr.com
Imperva, Inc. (NASDAQ:IMPV)
Gráfica de Acción Histórica
De Nov 2024 a Dic 2024
Imperva, Inc. (NASDAQ:IMPV)
Gráfica de Acción Histórica
De Dic 2023 a Dic 2024