UK becomes the world's number two target for DDoS hackers
'Boredom and spite' behind 220% increase in DDoS attacks, finds Imperva


DDoS attacks have increased more than 220%, with the UK becoming the second most popular target in the world, according to research conducted by security firm Imperva.
The company's annual DDoS threat landscape report found that DDoS - or Distributed Denial of Service - attacks rose by 221% between 1 April 2015 and 31 March 2016.
This uptick was fuelled by the increasing availability of IP stressers and booters, which can effectively act as a 'DDoS-for-hire' service, Imperva said. Use of these tools comprised over 90% of all DDoS attacks in Q1 2016.
Booters and stressers are commonly used to stress-test websites' ability to cope with massive traffic volumes, but can also be used by malicious hackers as a cheap and easy way to take a site offline by flooding it with traffic.
The US fared worst in the number of DDoS attacks suffered, experiencing 50.3% of all attacks in Q1 2016, followed by the UK at 9.2%, then Japan at 6.7%, while the Germany suffered 3.1% of attacks and the Netherlands counted 2.9%.
UK businesses suffered a huge 23.2% of all attacks in the last three months of 2015, Its report read: "While the majority of attacks in the UK targeted small and medium sized organizations, this trend also translated into several high-profile assaults, including the takedowns of the BBC, HSBC UK and the Irish National Lottery."
"Distributed Denial of Service (DDoS) attacks are now readily available as a subscription service for the price of a deli Sandwich," said ESET security specialist Mark James, "and these services enable you to have all the benefits of large traffic based attacks without the need of the hardware to back it up.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Sadly many small businesses will not have any measures in place to mitigate these types of attacks, seeking help through professional services and expertise should be on your list when taking the multi-layered security approach you need in protecting the modern digital business."
"The fact that DDoS-for-hire now accounts for over 90 percent of all assaults paints a new profile of top bad actors," the report added. "These are non-professionals who use DDoS for racketeering or to instigate attacks out of boredom or spite. The existence of such unpredictable offenders poses a new threat to many online entities that traditionally didn't consider themselves a potential target."
This "hobbyist" activity means that most of the DDoS activity observed by Imperva was brief and unsophisticated, with 66% of attacks using just one attack vector and almost 90% lasting less than an hour.
However, the figures also revealed how hackers can use DDoS attacks as part of a wider breach strategy. According to Imperva, experienced hackers sometimes launch multiple short DDoS attacks, spaced out over weeks.
This has the effect of exhausting security and response teams by keeping them on high alert around the clock. DDoS attacks can also be used as a smokescreen, distracting security operatives from a hackers's real goal, such as sabotage or data exfiltration.
Imperva's research also revealed that attackers are becoming more persistent. In the first quarter of 2016, half of all targets were hit by more than one attack, with nearly 20% hit by almost five.
Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.
Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.
You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job losses
News With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
UK crime fighters wrangle “several thousand” potential cyber criminals in DDoS-for-hire honeypot
News The sting follows a recent crackdown on DDoS-for-hire services globally
-
US begins seizure of 48 DDoS-for-hire services following global investigation
News Six people have been arrested who allegedly oversaw computer attacks launched using booters
-
Will triple extortion ransomware truly take off?
In-depth Operators are now launching attacks with three extortion layers, but there are limitations to this model
-
GoDaddy web hosting review
Reviews GoDaddy web hosting is backed by competitive prices and a beginner-friendly dashboard, and while popular, beware of hidden prices
-
Japan investigates potential Russian Killnet cyber attacks
News The hacker group has said it’s revolting against the country’s militarism and that it’s “kicking the samurai”
-
LockBit hacking group to be 'more aggressive' after falling victim to large-scale DDoS attack
News The ransomware group is currently embroiled in a battle after it leaked data belonging to cyber security company Entrust
-
Record for the largest ever HTTPS DDoS attack smashed once again
News The DDoS attack lasted 69 minutes and surpassed the previous record of 26 million RPS
-
Cloudflare mitigates biggest ever HTTPS DDoS attack
News A botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries