DDoS attacks skyrocket: Akamai State of Internet Report
- 24 October, 2014 12:01
Distributed denial of service attacks have accelerated in terms of size and volume in the third quarter of 2014, according to the Akamai State of the Internet - Security Report.
Compared to last year, this quarter saw a 389 per cent increase in average attack bandwidth, a 366 per cent increase in average peak packets per second, a 43 per cent increase in infrastructure layer attacks and a 22 per cent overall increase in DDoS attacks.
Akamai vice-president, security business unit, John Summers, said DDoS attack size and volume had gone through the roof this year.
“In the third quarter alone, Akamai mitigated 17 attacks greater than 100 gigabits-per-second, with the largest at 321 Gbps,” he said.
“Interestingly, we witnessed none of that size in the same quarter a year ago and only six last quarter.
“These mega-attacks each used multiple DDoS vectors to deliver large bandwidth-consuming packets at an extremely high rate of speed.”
The report found a brute force approach characterised the most significant campaigns as attackers shifted towards new attack methods and enhanced older attack methods to consume more bandwidth.
These record‑setting DDoS attack campaigns marked an 80 per cent increase in average peak bandwidth in Q3 compared to the previous quarter and a four-fold increase from the same period a year ago.
The quarter also saw an increase in average peak packets per second, recording a 10 per cent increase over the previous quarter and a four-fold increase compared to the same quarter in 2013.
Malicious actors have found ways to involve a wider base of devices to expand DDoS botnets and produce larger DDoS attacks.
Akamai has observed botnet-building efforts in which malicious actors sought to control systems by gaining access through vulnerable web applications on Linux-based machines.
Attackers have also expanded to a new class of device, including smartphones and embedded devices such as customer-premises equipment (CPE), home cable modems, mobile devices, and a great variety of Internet-enabled devices, including home-based devices and wearables, within the category of the Internet of Things (IoT).
Attacks with both high bandwidth and high volume were made possible by the use of multi-vector attack methods.
More sophisticated, multi-vector attacks became the norm this quarter, with more than half (53 per cent) of all attacks utilising multiple attack vectors.
This was an 11 per cent increase in multi-vector attacks compared to last quarter, and a nine per cent increase compared to Q3 2013.
Multi-vector attacks have been fuelled by the increased availability of attack toolkits with easy-to-use interfaces as well as a growing DDoS-for-hire criminal industry.
Phishing attacks were also prominent, with multiple attacks targeting Google Enterprise users in order to harvest user credentials and gain access to confidential information.
With this information, hacktivists successfully compromised third-party content feeds on popular media websites, such as CNN, the Associated Press and others.
The highest profile group of hacktivists targeting third-party content providers is the Syrian Electronic Army (SEA), which typically sends emails with a falsified link to a large number of employees in a targeted company or its third-party content provider.
Users who click the link are presented with what looks like a login screen, which harvests the user’s sign-in credentials in a form of identity theft.