A U.S.-based
security firm is reporting that the average amount of bandwidth consumed in
DDoS attacks by botnets has increased by a factor of eight in the first quarter
of 2013.
You read
that correctly. Eight times the bandwidth is being consumed compared to last
year.
The average amount of bandwidth used in DDoS attacks mushroomed to an astounding 48.25 gigabits per second in the first quarter, with peaks as high as 130 Gbps, according to Hollywood, Florida-based Prolexic. During the same period last year, bandwidth in the average attack was 6.1 Gbps and in the fourth quarter of last year it was 5.9 Gbps. The average duration of attacks also grew to 34.5 hours, compared with 28.5 hours last year and 32.2 hours during the fourth quarter of 2012. Earlier this month, Prolexic engineers saw an attack that exceeded 160 Gbps, and officials said they wouldn't be surprised if peaks break the 200 Gbps threshold by the end of June. [Ars Technica]
According to
Ars, the biggest factor contributing to these attacks is the harnessing of
servers rather than home computers for botnets. While a personal PC might only
be able to deliver a rather limited number of packets, a zombie-server is much
more powerful and able to deliver staggering amounts of data.
In
particular, we’ve seen servers running web-based software like WordPress are
particularly vulnerable.
According to
security firm CloudFlare’s CEO, Matt Prince:
"It is
clear that if the story of the 2000s was how easy it was to compromise desktop
PCs and turn them into spam-sending engines or botnets to do other nefarious
things, the story of the 2010s is going to be how easy it is to compromise
server software, which has gotten very consumerized and doesn't necessarily
have the best security in place. If a server is 10 times as powerful as a
desktop computer then you only need one-tenth to do the same level of
damage."
No comments:
Post a Comment