Distributed denial of service attacks, which took down thewebsites of at least two credit unions in 2013, continued to showup in large numbers through the end of the year.

According to Fort Lauderdale, Fla.-based mitigation specialistProlexic, the total number of attacks it detected increased 2% fromthe third quarter to the fourth quarter of 2013.

The company said infrastructure attacks accounted for 76.76% oftotal attacks during the quarter, with application layer attacksmaking up the remaining 23.24%. Both kinds of attacks flood awebsite server or other infrastructure with meaningless datarequests or other inputs, enough to take the site down.

Concern grew in 2013 that the attacks, which at first seemed tointend to disrupt an organization, often for political reasons, hadbecome a way to distract IT staff while criminals inserted malwareor drained online accounts.

According to Prolexic's Q3 2013 Global DDoS Attack Report, theaverage attack duration in the final three months was 22.88 hours,and the company's specialists “mitigated extremely large bandwidthattacks and in some cases, highly sophisticated, multi-vectorattacks.”

Meanwhile, the company's PLXsert engineering team noted thatmobile applications grew in use, including an Android-basedapplication that was used in a DDoS attack against a large Prolexicclient.

“The use of mobile applications in DDoS attacks is an emergingtrend that PLXsert expects to become more prevalent in 2014, asmany of these opt-in apps can be downloaded from online app storesand no experience is required to use them,” the company's reportsaid.

Prolexic also said that as the year ended, the United Statesreplaced China at the top of the top 10 source countries list forDDoS attacks it detected. But overall, the report said Asiancountries – Thailand and South Korea already are at the top of thelist – are emerging as the main source of the world's DDoSattacks.

Techniques that allow attacks to be greatly amplified in volumealso are being developed, and Prolexic called on the securitycommunity as a whole to address the problem of unprepared hostservers.

“So what will 2014 bring? We hope so to see researcherscontinuing their efforts on misconfigured host cleanup, therebyputting a dent in the attackers' amplification arsenal,” theProlexic report concluded.

“We hope that security organizations continue to work withcarriers. (And) there are communities that will continue to keepthe Internet usable for everyone. At the same time, we are awarethat malicious actors will continue to abuse these services andwill research more ways and protocols that can be abused.”