The first quarter of 2015 saw a record number of direct denial of service (DDoS) attacks, according to network service provider, Akamai.
The firm released its Q1 2015 State of the Internet - Security Report that detailed a record for the number of DDoS attacks observed across its PLXrouted network.
The figures showed a 35 per cent increase on the previous quarter and a 116.5 per cent increase on the same period in 2014.
Akamai said the attack profile for these incidents had also changed. Last year, high bandwidth and short duration attacks were most common, but in 2015 they were smaller in size and longer in duration.
Attack vectors also shifted in the past year. So far in 2015, Simple Service Discovery Protocol (SSDP) attacks accounted for more than 20 per cent of the attack vectors. This form of attack was not observed at all in the first half of 2014.
SSDP comes enabled by default on Internet of Things (IoT) devices to allow them to discover each other on a network, establish communication and coordinate activities.
If left unsecured or misconfigured, these IoT devices can be harnessed for use as reflectors.
A reflector is a potentially legitimate third party component used to send attack traffic to a victim, ultimately hiding the attackers’ own identity.
The attackers send packets to the reflector with a source IP address set to their victim’s IP therefore indirectly overwhelming the victim with the response packets.
Akamai director enterprise security Asia Pacific and Japan, John Ellis, said one of the reasons for the increase in these types of attacks was the lack of security for IoT devices.
“Over the last 18 months there has been a lot of insecure infrastructure around [network time protocol] NTP and [domain name system] DNS.”
“These IoT devices are then used to amplify and reflect an attack to a particular target.”
Gaming sector still the biggest target
The gaming sector was again hit with more DDoS attacks than any other industry. Gaming has remained the most targeted industry since Q2 2014, consistently being targeted in 35 per cent of attacks.
The software and technology sector was the second most targeted industry in Q1 2015, with 25 per cent of all attacks observed by Akamai.
The company concentrated its analysis on seven common web application attack vectors, which accounted for 178.85 million web application attacks observed.
These vectors included SQL injection (SQLi), local file inclusion (LFI), remote file inclusion (RFI), PHP injection (PHPi), command injection (CMDi), OGNL Java injection (JAVAi) and malicious file upload (MFU).
SQLi attacks were also common, making up more than 29 per cent of web application attacks. Akamai said a substantial portion of the SQLi attacks were related to attack campaigns against two companies in the travel and hospitality industry. The other five attack vectors collectively made up the remaining five percent of attacks.
“It comes down to good, secure coding,” said Ellis.
“Many organisations still do not have sanitised coding practices and this leaves them vulnerable. It’s been around for 15 years and it’s still a big problem.”
According to the report, the retail sector was the hardest hit by web application attacks, followed by the media and entertainment, hotel and travel sectors.
There were eight incidents described as ‘mega-attacks’ in Q1, each exceeding 100 Gbps. The firm said such large attacks were rarely seen a year ago. The largest attack it observed this year peaked at 170 Gbps.
A vast majority of attacks observed came from China. Ellis explained that the sheer volume of internet users coupled with low levels of security, made China attractive to DDoS attackers.
“You just need to look at the numbers. China has around 1.4 billion people, of those, 640 million are online and well over 50 per cent of the desktops are infected with malware,” he said.
“For a cyber criminal, this is fantastic because there is all this infrastructure that can be exploited to build out an attack infrastructure.Read more: Impact Systems adds Mionix to the gaming mix
"A lot of cybercriminals are building out these botnets, putting a nice facade on them and offering legitimate stress testing services, all this is effectively doing is passing on the target information to the bots that they control.
"China does not have extradition treaties with many countries. so it is difficult for organisations like Interpol to apprehend criminals based in China" he said.