DDoS attacks getting bigger but shorter in duration

July 31, 2013

John P. Mello, Jr.

Hacktivist group Izz ad-Dim al-Qassam Cyber Fighters's strategy said to be driving up raw number of attacks and depressing their duration

Distributed Denial of Service (DDoS) attacks are getting bigger, but their duration are getting shorter, according to an analysis released this week by Arbor Networks.

During the first six months of 2013, the average size of DDoS attacks remained solidly over the 2Gbps, Arbor reported -- something the company has never seen before.

Although the average may have been skewed during the period by the massive attack on Spamhaus in March, which reached 300Gbps at its zenith, large attacks in general have been going up too, Arbor found. From January to June this year, it said attacks exceeding 20Gbps more than doubled over 2012.

Several security experts agreed with Arbor's analysis. Michael Smith, CSIRT director for Akamai Technologies, cited two factors affecting DDoS numbers during the period. "It's just easier to do these days," he said in an interview. "You can rent a botnet for $20."

He added that a hacktivist group known as the Izz ad-Dim al-Qassam Cyber Fighters (QCF) has adopted a strategy that is also driving up the raw number of attacks and depressing their duration. "They attack multiple targets during the course of a day," Smith explained.