Multi-vector attacks functionality now a “standard capability” in the DDoS-for-hire marketplace

07 June 2016

The start of the year saw a record 19 DDoS attacks exceeding 100Gbps, beating the previous all-time high of 17 set last year.

The start of the year saw a record 19 DDoS attacks exceeding 100Gbps, beating the previous all-time high of 17 set last year.

 

The first quarter of 2016 saw significant growth in the number and frequency of DDoS and web application attacks launched against online assets, according to the latest State of the Internet – Security Report from Akamai Technologies. 

Akamai specialises in CDN services, and its quarterly reports provide in-depth analysis and insight into malicious activity observed across its Intelligent Platform. This consists of more than 210,000 servers around the world, and is claimed to regularly transmit around 15 to 30 per cent of all internet traffic. 

During Q1, Akamai says it mitigated more than 4,500 DDoS attacks, a 125 per cent increase compared with Q1/15. As in recent quarters, the company says the vast majority of these attacks were based on reflection attacks using stresser/booter-based tools. These tools bounce traffic off servers running vulnerable services such as DNS, CHARGEN and NTP. Akamai says 70 per cent of the DDoS attacks in Q1 used the reflection-based DNS, CHARGEN, NTP, or UDP fragment vectors.

“Interestingly, nearly 60 per cent of the DDoS attacks we mitigated used at least two attack vectors at once, making defence more difficult,” says the company’s SVP and general manager Stuart Scholly.

“Perhaps more concerning, this multi-vector attacks functionality was not only used by the most clever of attackers, it has become a standard capability in the DDoS-for-hire marketplace and accessible to even the least skilled actors.”

More than half of the attacks (55 per cent) targeted gaming companies, with another 25 per cent targeting the software and technology industry.

The quarter also saw 19 DDoS attacks exceeding 100Gbps, beating the previous record of 17 that was set in Q3/14. The largest of these mega attacks mitigated by Akamai peaked at 289Gbps, and 14 attacks relied on DNS reflection methods. Last quarter, there were only five mega attacks.

During Q4/15, Akamai found that repeat DDoS attacks had become the norm, with an average of 24 attacks per targeted customer during the quarter. It says the trend continued in Q1/15: targeted customers were attacked an average of 39 times each, while one customer was targeted 283 times – an average of three attacks per day.

Compared with Q1 2015, the latest report reveals a 125.36 per cent increase in total DDoS attacks, and a 142.14 per cent increase in infrastructure layer (L3 and L4) attacks.

Web application attacks increased nearly 26 per centcompared with Q4/15. As in past quarters, the retail sector remained the most popular target and figured in43 per cent of the attacks. 

But in a shift from last quarter, Akamai saw a two per cent decrease in web application attacks over HTTP and a 236 per cent increase in web application attacks over HTTPS. There was also an 87 per cent increase in SQLi attacks compared with the previous quarter.

As in recent quarters, the US was both the most frequent source of web application attack traffic (43 per cent) and the most frequent target (60 per cent).

For the first time, Akamai included an analysis of bot activity. Over a 24 hour period, it tracked and analysed more than two trillion bot requests. While identified and known, so-called good bots represented 40 per cent of the bot traffic. But 50 per cent of the bots were determined to be malicious and were engaged in scraping campaigns and related activity.

Q1 2016 State of the Internet – Security Report