The latest cloud security trends from Akamai’s Q1 2016 Security Report indicate that the retail and gaming sectors were the most affected by DDoS and web application attacks.
Akamai Technologies, Inc. (NASDAQ: AKAM), a global leader in Content Delivery Network services, today released its Q1 2016 Security Report. The quarterly report provides a detailed overview of security threats and a data-backed analysis of malicious activity detected on the Akamai Intelligent Platform.
“We continued to see significant growth in both the number and frequency of DDoS and web application attacks against online resources, and Q1 2016 was no exception,” said Stuart Scholly, Senior Vice President and General Manager of Akamai’s Security Business Unit. “Interestingly, nearly 60% of the DDoS attacks we mitigated employed at least two vectors at once, making them difficult to defend against. Perhaps the most concerning aspect is that multi-vector attacks are no longer the exclusive domain of the most sophisticated hackers, but have become the norm in the DDoS-for-hire market and are now available to less-skilled actors.”
DDoS Attack Activity at a Glance
In Q1, Akamai mitigated more than 4,500 DDoS attacks, an increase of 125% compared to Q1 2015. As in previous quarters, the vast majority of these attacks used reflection techniques driven by stresser/booter-based tools. These tools bounce traffic off servers running vulnerable services, such as DNS, CHARGEN, and NTP. In fact, 70% of DDoS attacks in Q1 used reflection-based DNS, CHARGEN, NTP, or UDP fragment vectors.
More than half of the attacks (55%) targeted gaming companies, while 25% targeted the software and technology sector.
Q1 2016 set a record for the number of DDoS attacks exceeding 100 gigabits per second (Gbps): 19. The largest of the mega-attacks mitigated by Akamai approached 289 Gbps. Fourteen of these attacks used DNS reflection methods. Only five attacks of this size were recorded in the previous quarter; the previous record, set in Q3 2014, was 17 events.
In Q4 2015, repeated DDoS attacks became the norm, with an average of 24 attacks per targeted customer. This trend continued in the quarter under review, where targeted customers were attacked an average of 39 times each. One customer was targeted on 283 occasions, approximately three times a day.
DDoS Metrics
Compared to Q1 2015
- 125.36% increase in total DDoS attacks
- 142.14% increase in attacks targeting infrastructure layers (L3 and L4)
- 34.98% decrease in average attack duration: 16.14 vs. 24.82 hours
- 137.5% increase in attacks > 100 Gbps: 19 vs. 8
Compared to Q4 2015
- 22.47% increase in total DDoS attacks
- 23.17% increase in attacks targeting infrastructure layers (L3 and L4)
- 7.96% increase in average attack duration: 16.14 vs. 14.95 hours
- 280% increase in attacks > 100 Gbps: 19 vs. 5
Web Application Attack Activity
Web application attacks increased by nearly 26% compared to Q4 2015. Similar to previous quarters, the retail sector was the most affected, becoming a target in 43% of cases. However, in a shift from the previous quarter, there was a 2% decrease in attacks on HTTP web applications and a 236% increase in attacks on HTTPS web applications. There was also an 87% increase in SQLi attacks compared to the previous quarter.
As in previous quarters, the United States leads as the origin of traffic (43%) and the most frequent target (60%) for web application attacks.
Web Application Attack Metrics
Compared to Q4 2015
- 25.52% increase in total web application attacks
- 1.77% decrease in attacks on HTTP web applications
- 235.99% increase in attacks on HTTPS web applications
- 87.32% increase in SQLi attacks
Bot Activity Snapshot
For the first time, Akamai included an analysis of bot activity in its Security Report. Over a 24-hour period, more than 2 trillion bot requests were monitored and analyzed. Of the known and detected traffic, 40% consisted of so-called legitimate bots, while 50% was identified as malicious and engaged in scraping campaigns or other related operations.
Increase in DDoS Amplification Attacks
Data collected at the perimeter of the Akamai Intelligent Platform show increases in active DDoS amplification attacks compared to Q4 2015: 77% for QOTD (Quote of the Day), 72% for NTP amplification, and 67% for CHARGEN amplification. The number of detected SSDP amplification attacks, however, decreased by 46%.
To download a free copy of the State of the Internet Report – Security Q1 2016, visit the website stateoftheinternet.com/security-report.