As well as increasing by 43% compared with the previous quarter, application layer attacks also became more persistent, with 63.3% of targets being subjected to repeat attacks, up from 46.7% in the third quarter. At the same time, 25.1% of targets were hit six times or more, up from 15.5% in Q3.
On average, Imperva Incapsula services mitigated 237 application layer attacks each week in the fourth quarter of 2017, compared with 135 application layer attacks each week in the third quarter.
The largest application layer attack came in at 138,990rps (requests per second), slightly higher than in Q3, but there was a decline in the average attack size, with just 15.7% of attacks clocking in at higher than 1,000rps, compared with 20.6% in Q3.
However, more than half of all application layer attacks were between 100 and 1,000rps, up from 43.5% in the previous quarter.
By contrast, network layer DDoS attacks fell by more than 50% and attack frequency fell from 302 to 147 a week, but also became more persistent, with 67.4% of targets attacked at least twice, up from 57.7% in Q3. The number of targets exposed to six or more attacks remained steady at 35%.
Network layer attack size also scaled down. Only 3.7% reached above 50Gbps in size, compared with 8.6% the previous quarter.
But the largest network layer attack during the quarter peaked at 335Gbps, slightly higher than the largest attack in Q3 2017, which reached 299Gbps.
Similar to previous quarters, the vast majority of attacks came in below 10Gbps (81.6%). These low-volume and low-rate assaults can be attributed to DDoS-for-hire activity, the report said.
Source: https://anticorruptiondigest.com/anti-corruption-news/2018/03/23/application-layer-ddos-attacks-increasing/