Layer 7 DDoS attacksUntil recently, brute-force attacks on Layer 3 and 4, the network and transport layers of the internet, were commonplace. These attacks were deployed against a large number of target systems, hoping to hit a vulnerability.
However, Layer 3 and 4 attacks are not as effective as they once were, as content delivery networks (CDNs) are now better able to absorb sudden spikes in network traffic.
Attackers have therefore shifted their attention to the application layer, or Layer 7. These attacks can resemble legitimate HTTP requests and only require a small number of resources, including automated scripts and a knowledge of bottlenecks in the target web application.
While requiring more expertise than for Layer 3 and 4,
Layer 7 DDoS attacks can be highly effective when executed well, meaning they will become increasingly common.