Almost three out of four Bitcoin exchanges and related cryptocurrency sites have suffered a DDoS attack in the third quarter of 2017, said DDoS mitigation firm Imperva Incapsula in a report released yesterday afternoon.
This increased focus has landed the digital currency sector in the company’s top 10 most targeted industry verticals for the first time, at number 8.
The reason why attackers have shifted focus to Bitcoin sites isn’t that hard to figure out. Since the start of the year, Bitcoin’s price has exploded from $950 to almost $12,900 today.
As a hacker known as An0CBR told this reporter back in 2015, there’s a flourishing underground market where Bitcoin site operators pay to take out their competition. With Bitcoin prices going through the roof, less scrupulous site operators would have most likely chosen to order DDoS attacks on their competitors in order to steal business away from those services.
Furthermore, we also can’t rule out DDoS ransom demands, which in the past two years have gone through the roof, along with attempts to manipulate Bitcoin price.
Igal Zeifman, Director of Marketing at Imperva Incapsula, sees the shift toward the Bitcoin market as a natural move by attackers, who “are drawn to successful online industries, especially new and under-protected ones.”
DDoS capabilities are getting bigger
As for the rest of the quarter, the Incapsula report contains some significant developments. First and foremost, the company saw a rise in DDoS capabilities. It detected more large-scale attacks, measured both in packets per second and in traffic per second.
Imperva said it recorded over 144 DDoS attacks that blasted over 100 million packets per second (Mpps) at their targets in Q3, up from only 6 such attacks recorded in Q1 2017.
The company says the largest DDoS attack it mitigated in terms of sheer size peaked at 299 Gbps and targeted its own IP ranges, in an attempt to take down its systems.
A report from rival Cloudflare saw the same growth in attack size, with Cloudflare saying it mitigates 400+ Gbps DDoS attacks at regular intervals.
Most DDoS attacks are now multi-vector
But the rise in DDoS capabilities wasn’t the primary trend Imperva experts noticed. After adjusting their DDoS calculation algorithms, the company says that over 70% of today’s DDoS attacks are multi-vector.
Multi-vector attacks are DDoS incidents where an attacker uses different protocols for the DDoS assault, such as SYN, TCP, UDP, ICMP, NTP, DNS, and others.
Attackers usually probe companies with multiple vectors in the beginning and then focus on the one that’s most effective against a target’s current defenses. Furthermore, attackers switch vectors at short intervals to keep DDoS mitigation teams on their toes and to prolong the attack’s effectiveness before companies can track down the source and nature of attacks.
The 70% figure also means that most of these attacks are now launched from advanced botnets or DDoS-for-hire services that can handle multiple attack vectors, and not your do-it-yourself DDoS apps that someone can find to download on shady Internet sites.
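The probe-then-focus pattern and the vector switching described above can be spotted from per-vector traffic counters. The sketch below is an added example, not code from the Imperva report: the sample format (60-second buckets of packets per second by vector), the `floor_pps` threshold and the function name are all assumptions.

```python
from typing import List, NamedTuple, Tuple

class Summary(NamedTuple):
    vectors: List[str]                    # every vector seen above the floor
    multi_vector: bool                    # more than one vector in the incident
    switches: List[Tuple[int, str, str]]  # (time, old dominant, new dominant)
    probe_intervals: int                  # intervals with 2+ vectors active at once

def summarize_incident(samples, floor_pps=50_000):
    """samples: list of (epoch_seconds, {vector_name: packets_per_second}).

    floor_pps is an assumed noise floor; a vector below it is treated as idle.
    """
    seen, switches, probes, dominant = [], [], 0, None
    for ts, rates in sorted(samples, key=lambda s: s[0]):
        active = {v: r for v, r in rates.items() if r >= floor_pps}
        if not active:
            continue  # quiet interval: remember the last dominant vector
        for v in sorted(active):
            if v not in seen:
                seen.append(v)
        if len(active) >= 2:
            probes += 1  # several vectors at once: attacker is still probing
        top = max(sorted(active), key=active.get)  # ties break alphabetically
        if dominant is not None and top != dominant:
            switches.append((ts, dominant, top))
        dominant = top
    return Summary(seen, len(seen) > 1, switches, probes)

# Constructed sample data (not from the report): per-vector packet rates
SAMPLE = [
    (0,   {"SYN": 400_000, "UDP": 350_000, "DNS": 120_000}),  # probing
    (60,  {"SYN": 380_000, "UDP": 900_000, "DNS": 20_000}),   # UDP pulls ahead
    (120, {"UDP": 1_200_000}),                                # focus on UDP
    (180, {"SYN": 10_000}),                                   # below the floor
    (240, {"NTP": 2_000_000, "UDP": 30_000}),                 # switch to NTP
]

if __name__ == "__main__":
    print(summarize_incident(SAMPLE))
```

Each entry in `switches` marks a point where a mitigation rule tuned to the previous dominant vector stops matching most of the traffic.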
Other findings of the Imperva Incapsula Global DDoS Threat Landscape Q3 2017 report:
→ Internet Services was the most attacked industry (46.1%), followed by the Gaming and the Gambling sectors.
→ Average DDoS attack duration was 1.2 hours.
→ Most targets were attacked more than once.
→ The most repeatedly attacked target faced 714 attacks in the span of the quarter.
→ Most DDoS attacks were carried out via TCP (59.3%) and UDP (52.9%).
→ Most multi-vector attacks relied on SYN, TCP and UDP floods.
→ Network layer attacks: The US (14%) was the most attacked country, while Hong Kong (31.9%) hosted the most attacking bots.
→ Application layer attacks: The US (41%) was the most attacked country, and it also hosted the most attacking bots (53.3%).
→ DDoS bots that can bypass cookie challenges increased to 6.4% from 2.1% in the previous quarter.
→ Of these bots, 1.8% were also able to parse JavaScript, an increase from 1.4% in Q2 2017.
→ China hosted 40% of DDoS bots.
→ Nearly 17% of botnet traffic originated in China.
→ Turkey and India were the biggest risers in terms of botnet traffic.


