Security: DDoS Attacks, Akamai Report

The latest cloud security trends from Akamai’s Q1 2016 Security Report highlight that the retail and gaming sectors were hit hardest by DDoS and web application attacks.

Akamai Technologies, Inc. (NASDAQ: AKAM), a global leader in Content Delivery Network services, today released its Security Report for the First Quarter of 2016. The quarterly report provides a detailed overview of the security threat landscape and actionable data analysis of malicious activity detected across the Akamai Intelligent Platform.

“We have continued to see significant growth, both in number and frequency, of DDoS and web application attacks launched against online resources, and Q1 2016 was no exception,” said Stuart Scholly, Senior Vice President and General Manager of the Security Business Unit at Akamai. “Interestingly, nearly 60% of mitigated DDoS attacks employed at least two vectors at once, making them difficult to defend against. Perhaps most worryingly, multi-vector attacks are no longer the exclusive preserve of experienced hackers: they've become the norm in the DDoS-for-hire market and are available to even less experienced actors.”

DDoS attack activity in brief

During Q1, Akamai mitigated over 4,500 DDoS attacks, a 125% increase from Q1 2015. As in recent quarters, the vast majority of these attacks relied on reflection techniques that employed stresser/booter-based tools. These tools bounce traffic off servers running vulnerable services, such as DNS, CHARGEN, and NTP. In fact, 70% of DDoS attacks in Q1 used reflection-based DNS, CHARGEN, NTP, or UDP fragment vectors.

Over half of the attacks (55%) targeted gaming companies, while 25% targeted the software and technology sector.

Q1 2016 set a record for the number of DDoS attacks exceeding 100 gigabits per second (Gbps): 19. The largest of the mega-attacks mitigated by Akamai reached nearly 289 Gbps. DNS reflection methods were used in fourteen of these attacks. Only five attacks of this size were recorded in the previous quarter; the previous record, set in Q3 2014, was 17 events.

In Q4 2015, repeated DDoS attacks became the norm, with an average of 24 attacks per affected customer. This trend continued in the quarter under review, with affected customers being attacked an average of 39 times each. One customer was targeted 283 times, approximately three times per day.

DDoS Metrics

Compared to Q1 2015

  • 125.36% increase in total DDoS attacks
  • 142.14% increase in attacks targeting infrastructure layers (layers 3 and 4)
  • 34.98% decrease in average attack duration: 16.14 vs. 24.82 hours
  • 137.5% increase in attacks > 100 Gbps: 19 vs. 8

Compared to Q4 2015

  • 22.47% increase in total DDoS attacks
  • 23.17% increase in attacks targeting infrastructure layers (layers 3 and 4)
  • 7.96% increase in average attack duration: 16.14 vs. 14.95 hours
  • 280% increase in attacks > 100 Gbps: 19 vs. 5

Web Application Attack Activity

Web application attacks increased by nearly 26% compared to Q4 2015. As in previous quarters, the retail sector was the most affected, being targeted in 43% of cases. However, unlike the previous quarter, there was a 2% decrease in HTTP web application attacks and a 236% increase in HTTPS web application attacks. SQLi attacks also increased by 87% compared to the previous quarter.

As in recent quarters, the United States remains the most frequent traffic source (43%) and target (60%) of web application attacks.

Web Application Attack Metrics

Compared to Q4 2015

  • 25.52% increase in total web application attacks
  • 1.77% decrease in HTTP web application attacks
  • 235.99% increase in HTTPS web application attacks
  • 87.32% increase in SQLi attacks

Snapshot of bot activity

Akamai's Security Report included, for the first time, an analysis of bot activity. Considering bot activity over a 24-hour period, over 2 trillion bot requests were monitored and analyzed. Of the known and detected traffic, 40% consisted of so-called legitimate bots, while 50% was identified as malicious and engaged in scraping campaigns or other related operations.

Increase in DDoS Amplification Attacks

Analysis of data collected on the Akamai Intelligent Platform perimeter revealed increases in active DDoS amplification attacks compared to Q4 2015: 77% for QOTD (Quote of the Day), 72% for NTP, and 67% for CHARGEN amplification. The number of SSDP amplification attacks detected decreased by 46%.

To download a free copy of the Q1 2016 State of the Internet – Security Report, visit stateoftheinternet.com/security-report.
