A new study focused on distributed denial of service (DDoS) attacks has found that pornographic websites received by far the most attacks per site last year.
To produce their "Global DDoS Threat Landscape" report, researchers at Imperva studied attack data gathered between May and December 2019. Their findings, published yesterday, reveal that websites in the adult entertainment industry received an average of 84.46 attacks per site.
Over the same period, the sites that received the second- and third-highest number of DDoS attacks were gaming and news industry websites, which received on average 13.33 and 10.16 attacks per site, respectively.
"Every adult site we tracked over the course of the year experienced an average 84 attacks which, between May and December, equates to 10.5 attacks per site each month," wrote researchers.
Most of the DDoS attacks carried out over the observation period were aimed at the gaming and gambling industries. Gaming was the primary target, hit with 35.92%, while gambling accounted for 31.25%. A significant proportion of the total attacks—26.51%—was aimed at the computing and internet sector.
The country that sustained the most DDoS attacks was found to be India. Hong Kong, which previously held the top spot, became instead the country in which most targets were attacked.
Despite observing the largest ever recorded DDoS attack in April, which reached 580 Mpps (million packets per second) at its peak, researchers found that the majority of attacks didn't exceed 50 Mpps/Gbps (gigabits per second). Most network attacks were short too, with 51% lasting fewer than 15 minutes in length.
The duration of an attack provides telling information regarding the identity of the attackers.
Researchers wrote: "Most of the attacks we recorded were relatively short, lasting less than an hour. Furthermore, within a one-hour distribution, the most common attacks were those that only lasted for 10 minutes or less.
"This, combined with our observation that most attacks were low in terms of both volume and rate, suggests that these short-term, weak attacks were most likely performed by DDoS-for-hire (or stresser) groups whose limited resources tend to be spread thin in order to service as many customers as possible."