DDoS attacks flood their targets with fake traffic, overwhelming websites so legitimate visitors can’t get access, or bombarding other public-facing infrastructure.
Just over a third of attacks in Q2, 36 percent of them, used a single form of attack traffic. Nearly as many, 29 percent, used two kinds; 19 percent three; 7 percent four; and 9 percent used five or more different kinds.
User Datagram Protocol (UDP) floods continued to be the most common form of attack traffic in Q2, being used in 56 percent of DDoS attacks experienced by Verisign customers. The next most common form of attack traffic was Transmission Control Protocol (TCP) requests, which featured in 18 percent.
But Verisign says one of the most troubling tactics is the growing use of application layer, or layer seven, attacks. The application layer is the part of the stack that communicates directly with the end user, and attackers typically use HTTP requests, which makes these attacks hard to distinguish from genuine traffic.
“Application layer attacks … are some of the most difficult attacks to mitigate because they mimic normal user behavior and are harder to identify,” states the report.
Because these attacks can include SQL injection, which sends nefarious instructions to web databases, they can be used to steal information. They are often accompanied by much larger UDP or TCP floods, which act as a distraction, pulling company managers’ attention away from the real attack.