Search Form

Prolexic Records Dramatic Rise in Packet-Per-Second Volume in Q411 Global DDoS Attack Report

HOLLYWOOD, FL – (February 7, 2012) – Prolexic Technologies, the global leader in Distributed Denial of Service (DDoS) protection services, today announced that data collected during Q411 global attacks against its clients indicates a significant rise in packet-per-second (PPS) volume.  Full details and statistics of the company’s quarterly DDoS mitigation activities are available in a complimentary quarterly report that can be downloaded from

“Based on fourth quarter statistics, Prolexic predicts that 2012 will feature DDoS attacks that will be shorter in duration, but much more devastating in terms of packet-per-second volume,” said Paul Sop, chief technology officer at Prolexic.  “Think of it this way.  In the past, attackers had a rifle.  In 2012, they have a machine gun with a laser site.”  Prolexic predicted this increase in PPS volume in its previous attack report and noted that attackers were changing their strategy.

Report highlights

Compared to Q410:

  • Prolexic mitigated 45% more DDoS attacks
  • Prolexic mitigated 7 times more attack traffic
  • PPS volume increased 18-fold
  • Average attack duration was down to 34 hours from 43 hours

Other highlights:

  • Prolexic mitigated more than twice as many attacks in Q411 compared to Q311
  • In Q411, approximately 22% of attacks were ICMP floods, 20% were UDP Floods, 20% were SYN Floods and 16% were GET Floods
  • November was the month with the greatest number of total attacks, but the highest volume of attacks occurred during the period of December 3-10, which is a peak buying and shipping period before the holidays
  • Clients in the e-Commerce sector received a disproportionately high percentage of Layer 7 (application layer) attacks and much longer average attack durations
  • The top three countries from which attacks originated were Japan, China, and Germany with Japan-based IP addresses accounting for 35% of attacks
  • Average attack bandwidth was 5.2 Gbps compared to 2.1 Gbps in Q311, an increase of 148%
  • Average attack bandwidth was 2.6 Gbps in 2011 compared to 1.1 Gbps in 2010, an increase of 136% year over year

Key trends to watch

Prolexic believes Q411 data is indicative of several key trends that will shape the DDoS mitigation landscape in the coming year.

“We have seen a trend toward shorter overall attack duration, but with unprecedented high packet-per-second volume and lethal attack signatures,” said Sop.  “This is a devastating cocktail that can quickly bring down even well protected sites and their mitigation providers. We are starting to see packet-per-second attack volumes that are simply off the charts.”

The findings in Prolexic’s Q411 Attack Report also indicate a somewhat surprising surge of DDoS attacks originating from Japan, a geographic location rarely in the top ten source countries and usually not known for large concentrations of botnets.  Prolexic speculates that this activity may stem from temporarily lax security practices when many global vendors set up impromptu communication networks after the tragedy in Japan.

The fourth quarter also saw a rise in Layer 7 (application layer) attacks against e-Commerce companies, which is not surprising since online retailers and ancillary service providers such as shippers are prime attack targets during the fourth quarter holiday shopping season.  Indeed, data from Q4 showed that the highest number of attacks occurred during the week of December 3-10.  Average attack duration was also significantly higher for attacks directed at e-Commerce businesses.

“The Internet is becoming a more dangerous place for online companies that do not have a high level of DDoS protection,” Sop said.  “With regard to DDoS attacks, we expect 2012 to be one of the most challenging years for all online businesses.  As such, it’s critical to continually evaluate the vulnerabilities of your network and the capabilities of your mitigation provider to ensure they are keeping pace with this ever increasing threat.”

Sop suggests that companies start becoming more proactive in their defenses by leveraging better traffic monitoring and analysis tools that provide greater Layer 3 and 4 DDoS alert accuracy and faster identification and analysis of Layer 7 attacks.  The faster attacks can be recognized, the faster they can be mitigated, which minimizes site downtime and lost revenue.

As the size and frequency of DDoS attacks continue to rise, Prolexic is keeping pace. In Q411 the company opened a new scrubbing center in Ashburn, VA and significantly increased the size of its global attack mitigation network. Demand for Prolexic’s services is increasing rapidly and the company recorded a 45% growth in revenues for 2011.

Data for the Q411 report has been gathered and analyzed by the Prolexic Security Engineering & Response Team (PLXsert).  The group monitors malicious cyber threats globally and analyzes DDoS attacks using proprietary techniques and equipment.  Through data forensics and post attack analysis, PLXsert is able to build a global view of DDoS attacks, which is shared with Prolexic customers.  By identifying the sources and associated attributes of individual attacks, the PLXsert team helps organizations adopt best practices and make more informed, proactive decisions about DDoS threats.

A complimentary copy of the Prolexic Quarterly Attack Report for Q411 is available as a free PDF download from  Prolexic’s Q112 report will be released in the second quarter of 2012.

Join in, share your thoughts

You must be logged in to post a comment.