Mega Attacks Hits New Record, Repeat Attacks Surge: Akamai
Latest Cloud Security Trends Shared in Akamai’s Q1 2016 State of the Internet - Security Report Show Retail, Gaming Industries Hardest Hit with Web Application and DDoS attacks
Nasdaq-listed Akamai Technologies, the global leader in content delivery network (CDN) services, recently published the Q1 2016 State of the Internet – Security Report. The quarterly report provides a detailed view of the global cloud security threat landscape and in-depth analysis and insight into malicious activity observed across the Akamai Intelligent Platform.
“We have continued to witness significant growth in the number and frequency of DDoS and web application attacks launched against online assets, andQ1 2016 was no exception,” said Stuart Scholly, Senior Vice President and General Manager, Security Business Unit, Akamai. He elaborated that nearly 60 percent of the DDoS attacks Akamai mitigated used at least two attack vectors at once, making defense more difficult. “Perhaps more concerning is that this multi-vector attacks functionality was not only used by the most clever of attackers, it has become a standard capability in the DDoS-for-hire marketplace and accessible to even the least skilled actors,” he said.
DDoS attack activity at a glance
During Q1, Akamai mitigated more than 4,500 DDoS attacks, a 125 percent increase compared with Q1 2015. As in recent quarters, the vast majority of these attacks were based on reflection attacks using stresser/booter-based tools. These tools bounce traffic off servers running vulnerable services such as DNS, CHARGEN, and NTP. In fact, 70 percent of the DDoS attacks in Q1 used the reflection-based DNS, CHARGEN, NTP, or UDP fragment vectors.
More than half of the attacks (55 percent) targeted gaming companies, with another 25 percent targeting the software and technology industry.
Q1 2016 also set a record for the number of DDoS attacks exceeding 100 Gigabits per second (Gbps): 19. The largest of these mega attacks mitigated by Akamai peaked at 289 Gbps. Fourteen attacks relied on DNS reflection methods. Last quarter, there were only fivemega attacks; the previous record was 17, set in Q3 2014.
During Q4 2015, repeat DDoS attacks became the norm, with an average of 24 attacks per targeted customer in Q4. The trend continued this quarter; targeted customers were attacked an average of 39 times each. One customer was targeted 283 times – an average of three attacks per day.
DDoS metrics Compared with Q1 2015
125.36 percent increase in total DDoS attacks
142.14 percent increase in infrastructure layer (layers 3 & 4) attacks
34.98 percent decrease in the average attack duration: 16.14 vs. 24.82 hours
137.5 percent increase in attacks > 100 Gbps: 19 vs. eight
Compared with Q4 2015
22.47 percent increase in total DDoS attacks
23.17 percent increase in infrastructure layer (layers 3 & 4) attacks
7.96 percent increase in the average attack duration: 16.14 vs. 14.95 hours
280 percent increase in attacks > 100 Gbps: 19 vs. five
Web application attack activity
Web application attacks increased nearly 26 percentcompared with Q4 2015. As in past quarters, the retail sector remained the most popular attack target, targeted in 43 percent of the attacks. But in a shift from last quarter, we saw a two percent decrease in web application attacks over HTTP and a 236 percent increase in web application attacks over HTTPS. There was also an 87 percent increase in SQLi attacks compared with the previous quarter.
As in recent quarters, the US was both the most frequent source of web application attack traffic (43 percent) and the most frequent target (60 percent).
Web application attack metrics Compared with Q4 2015
25.52 percent increase in total web application attacks
1.77 percent decrease in web application attacks over HTTP
235.99 percent increase in web application attacks over HTTPS
87.32 percent increase in SQLi attacks
Bot activity snapshot
For the first time, Akamai has included an analysis of bot activity in the State of the Internet - Security Report. Looking at bot activity over 24 hours, they tracked and analyzed more than two trillion bot requests. While identified and known, so-called good bots represented 40 percent of the bot traffic, 50 percent of the bots were determined to be malicious and were engaged in scraping campaigns and related activity.