Over 20Gbps DDoS attacks have become common occurrences, Prolexic says
The average attack duration during the third quarter of this year was 19 hours, slightly longer than in the second quarter.
The majority of attacks -- over 81 percent -- targeted the infrastructure layer, while 18.6% of attacks targeted the application layer, protocols used by specific applications.
The top three countries from where DDoS attacks originated were China with 35 percent of attacks, the U.S. with 28 percent and India with 8 percent.
In the case of high-bandwidth DDoS attacks, a change in attack tactics has been observed, Scholly said. Instead of using botnets of compromised personal computers, such attacks are launched from botnets of compromised servers. The attackers gain access to such servers by exploiting vulnerabilities in outdated Web applications and install PHP-based DDoS toolkits.
One toolkit that has recently been used to launch high-bandwidth attacks against multiple financial institutions in the U.S., as well as companies from other industry sectors, is known as "itsoknoproblembro."