Distributed denial of service (DDoS) attacks against financial service firms increased by 25% during the first quarter of 2012, a new study reveals.
Prolexic Technologies, a Hollywood, Fla.-based provider of distributed denial of service protection services, released this finding in a survey that reviews DDoS events by attack type, source country, time of day and other criteria.
Comparisons of fourth quarter 2011 and first quarter 2012 statistics show a “considerable increase” in DDoS attacks targeted to the financial services industry in both quantity and intensity, the survey says. Mitigated Q4 2011 attacks targeting the sector totaled approximately 19.1 terabytes (TB) of data and 14 billion packets of malicious traffic.
During the first quarter of 2012, malicious traffic increased to 65 TB of data and 1.1 trillion packets that Prolexic identified and mitigated. The company says the change represents an almost 80-fold increase in packets between the fourth quarter of 2011 and the first quarter of 2012.
China (30.59% of attacks), the U.S. (19.20%) and the Russian Federation (13.4%) are currently the top three source countries of DDoS attacks, the survey says. The other 7 source countries in the top 10 are India (9.52%), Germany (7.30%), France (4.66%), Korea (4.53%), Ukraine (3.91%), U.K. (3.60%) and Brazil (3.28%).
In the fourth quarter of 2011, Japan was the top source country of DDoS events, accounting for 35% of attacks. Behind Japan in the fourth quarter were China (18.65%), Germany (9.08%) and the U.S. (8.01%).
At the start of the first quarter of 2012, most attacks began close to 12:00 Greenwich Mean Time (GMT). This compares with 13:00 GMT for the first quarter of 2011.
The Prolexic analysis shows that 73% of the DDoS events were infrastructure attacks (computer network layers 3 and 4), while 27% were aimed at the application layer (layer 7).
The most “popular” Layer 3 infrastructure attacks were SYN floods, ICMP floods, UDP floods and UDP fragment floods. The most popular Layer 7 application attacks, the survey says, were GET floods and POST floods.