DDoS attacks are getting more powerful – with figures suggesting that the average attack was 57% stronger in the second half of 2011. Data received from Kaspersky Lab’s botnet monitoring system and Kaspersky DDoS Prevention show that the most powerful attack was 20% stronger compared to the first half of the year, and amounted to 600 Mbit/sec. The average attack strength in the second half of 2011 was 110 Mbit/sec – an increase of 57%.
Despite the relative simplicity of these techniques, researchers have recently noted a shift away from conventional DDoS attacks using large amounts of traffic, to attacks that lead to exploiting substantial resources on the server under attack. This makes it possible to launch effective DDoS attacks with minimum effort from the attacker, i.e. without using large botnets.
“This is a perfectly logical progression. Large botnets attract the attention of anti-DDoS projects and law enforcement agencies, which can make such botnets much less attractive to cybercriminals. They will have to increase the power of attacks by using several botnets targeting one resource at once.That is why we are not going to see really large DDoS botnets in 2012. Our radars will show mostly medium-size botnets, which are powerful enough to take down an average website, and such botnets are going to become more numerous,” said Yury Namestnikov, Senior Malware Analyst, Kaspersky Lab.