According to its latest paper on the subject – entitled `Anatomy of a Botnet' – Arbor claims that the largest proportion of DDoS attacks are are criminally motivated, with attackers are seeking financial gain via stolen data or by extorting “protection money” in exchange for a promise not to disrupt a retail, e-commerce or gaming site that generates revenue for its own.
And in recent years, says Arbor, there has also been a rise in politically motivated DDoS attacks around the globe including in Iran, South Korea, Estonia, Malaysia, China and the US.
Until recently, the paper asserts, most DDoS attacks were volumetric attacks, that is, they seek to overwhelm the network infrastructure with bandwidth-consuming flooding assaults or by targeting servers, load balancers and firewalls with state-exhaustion attacks.
In 2010, Arbor says volumetric attacks grew in size, frequency and complexity, with the largest attack reported being over 100 Gbps in volume – a 100% increase on the previous year.
Also during the year, Arbor says that application layer DDoS attacks - which exploit the characteristics of widely used applications, mainly with HTTP, DNS, VoIP, and SMTP attack vectors – also grew, but, because these types of attacks consume less bandwidth than volumetric attacks, they are more difficult to detect.
Delving in to the report reveals that, during 2010, 77% of respondents to the firm's annual survey said they had experienced application-layer attacks, and that such attacks represented 27% of all attack vectors.
The report concludes that DDoS attacks are increasing in their frequency, size and complexity, which is due, the company says, mainly to the widespread availability of easy-to-use botnets to launch such an attack.