F5 Labs finds rise in Denial-of-Service and password login attacks

F5 Labs finds rise in Denial-of-Service and password login attacks

A10 Networks Thunder TPS with ZAP is available now

Denial-of-Service (DoS) and password login attacks such as brute force and credential stuffing are on the rise, according to new research from F5 Labs.

The analysis of three years of incidents reported to the F5 Security Incident Response Team (SIRT) also found that Application Programming Interface (API) attacks are becoming increasingly widespread.

“Attackers, as always, choose the most efficient ways to turn a profit. Our weaknesses are their opportunities. We can definitely expect more password login, DoS and API attacks on the horizon,” said Raymond Pompon, Director of F5 Labs.

F5 Labs found that nearly a third (32%) of all F5 SIRT’s annually reported incidents were DoS attacks. However, the percentage is creeping up with 36% of incidents reported in 2020.

Most DoS attacks are network volumetric floods (commonly known as TCP SYN or UDP floods). F5 SIRT also received reports of ‘Slow POST/Slowloris’ attacks, designed to initiate and keep as many of a victim’s connections open as possible. A total of 19% of reported DoS incidents involved attacks on DNS.

DoS attacks were most prominent in the APCJ region, accounting for 57% of its reported SIRT incidents. EMEA was next in the firing line with 47%, followed by the US and Canada (33%) and LATAM (30%). EMEA experienced the biggest jump in its percentage of reported incidents since 2018, rising from 22% to 23% in 2020, which represents an eye-catching 945% spike.

Browse our latest issue

Intelligent CISO

View Magazine Archive