“While these are different types of bots that exist only inside the Twitter ecosystem, this is all a part of the same trend – just another example of how automation influences our online experience,” argued the firm’s senior security evangelist, Igal Zeifman.
New data released from Imperva today shows bots with the upper hand overall, with humans representing 48.2% of website traffic in 2016; so-called "good" bots (think feed-fetchers, search engine bots and crawlers) at 22.9%, and bad bots accounting for 28.9% of the traffic.
Igal Zeifman, Marketing Director, Imperva Incapsula: "Mirai was responsible for many high-profile attacks in the second half of 2016. It safe to say that, in 2017, we will continue to see more evolutions of that specific malware type, which will exploit vulnerabilities in IoT devices..."
Tim Matthews, vice president of marketing at Imperva, based in Redwood Shores, Calif., said internet service providers, vendors and users all "share a long tradition of disregarding basic security practices when it comes to internet devices."
Security provider Incapsula advises that distributed attack protection requires multi-layer security. Services, at the very least, should protect OSI Layers 3 (network), 4 (transport), and 7 (application). But with the complex realities of web applications today, protecting on the application level is also paramount.
The attack—the largest on record for the firm’s network—began around 10:55 a.m. on December 21, targeting several anycasted IPs on the Imperva Incapsula network. The first DDoS burst lasted roughly 20 minutes, peaking at 400Gbps. Failing to make a dent, the offender regrouped and came back for a second, 17-minute round. This time enough botnet “muscle” was used to generate a 650Gbps DDoS flood of more than 150 million packets per second (Mpps).
“Due to IP spoofing, it's hard to accurately identify the devices used in this attack,” Avishay Zawoznik, security research specialist for the Incapsula product line at Imperva, told SecurityWeek.
This past year has been one for the record books when it comes to distributed denial of service (DDoS) attacks, so it is only proper that 2016 closes out with news of another massive DDoS attack, reported by Imperva researchers.