Distributed Denial of Service (DDoS) attacks continue to increase in number and frequency, as well as in size and sophistication, in 1Q’16, according to DDoS attack data from Akamai. The company thwarted more than 4,500 DDoS attacks in 1Q, an increase of 125 percent. The DDoS attack data was published in Akamai’s latest quarterly “State of the Internet – Security Report.”
Yet more troubling, more sophisticated multi-vector DDoS capability is now widely accessible to even newbie “black hat” hackers in the “DDoS-for-hire-marketplace,” SVP and GM of Akamai’s Security Business Unit Stuart Scholly elaborated. “Interestingly, nearly 60 percent of the DDoS attacks we mitigated used at least two attack vectors at once, making defense more difficult,” he pointed out.
Gaming companies were the targets of more than half the attacks (55 percent). Software and technology industry company websites accounted for another 25 percent, Akamai highlights in a press release.
DDoS Attack Data
When it comes to Web applications, retailers were the most frequently targeted, accounting for 43 percent of the 1Q total. Consistent with previous quarterly data, the U.S. was both the most frequent source (43 percent) and most frequent target (60 percent).
Akamai also noted a shift as Web application attacks over HTTP dropped 2 percent quarterly but attacks over HTTPS rose 236 percent. SQLi attacks rose 87 percent.
In addition to increasing use of multiple DDoS attack vectors, perpetrators are launching more “reflector attacks,” in which they use so-called “stressor/booster-based tools” to bounce traffic off servers that run vulnerable services, such as DNS, CHARGEN and NTP. More than 7 in 10 of the DDoS attacks Akamai tracked during 1Q used these vectors.
Analysis of firewall data gleaned from the perimeter of the Akamai Intelligent Platform revealed that the use of active Quote of the Day (QOTD) reflectors rose 77 percent, NTP reflectors 72 percent and CHARGEN reflectors 67 percent as compared to 4Q’15.
DDoS attacks also continue to grow larger, or rather take up more bandwidth. Akamai tracked a record high 19 “mega attacks” in excess of 100 Gbps in 1Q. There were just five in 4Q’15. The previous record of 17 was set in 3Q’14.
The largest DDoS mega-attack Akamai registered peaked at 289 Gbps. Fourteen of the 19 in 1Q used DNS reflection methods.
Repeat DDoS attacks increased to become the norm in 4Q’15, Akamai continues, and the rising trend carried on in 1Q’16. Targeted websites were attacked an average of 39 times each in 1Q, up from 24 in 4Q’15. One Akamai customer’s website was targeted 283 times, an average of three DDoS attacks per day.
Comparing 1Q’16 to 4Q’15, Akamai found:
- 125.36 percent increase in total DDoS attacks
- 142.14 percent increase in infrastructure layer (layers 3 & 4) attacks
- 34.98 percent decrease in the average attack duration: 16.14 vs. 24.82 hours
- 137.5 percent increase in attacks > 100 Gbps: 19 vs. eight
Compared with Q4 2015
- 22.47 percent increase in total DDoS attacks
- 23.17 percent increase in infrastructure layer (layers 3 & 4) attacks
- 7.96 percent increase in the average attack duration: 16.14 vs. 14.95 hours
- 280 percent increase in attacks > 100 Gbps: 19 vs. five
Akamai’s 1Q’16 report for the first time includes an analysis of “bot” activity. Tracking and analyzing more than 2 trillion bot requests, Akamai determined that “good bots” represented 40 percent of total “bot” traffic. Fifty percent were determined to be malicious.