DDoS attacks surge: Four-fold year-over-year increase in DDoS attack size and volume
Thriving criminal industry taps into Internet devices, spreads easy-to-use tools
Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today announced availability of the Q3 2014 State of the Internet – Security Report. Akamai's Prolexic Security Engineering and Research Team (PLXsert) is a recognized leader in Distributed Denial of Service (DDoS) protection services and strategies. This quarter's report, which provides analysis and insight into the global attack threat landscape including DDoS attacks, can be downloaded at www.stateoftheinternet.com/security-report.
"DDoS attack size and volume have gone through the roof this year," said John Summers, vice president, Security Business Unit at Akamai Technologies. "In the third quarter alone, Akamai mitigated 17 attacks greater than 100 gigabits-per-second, with the largest at 321 Gbps. Interestingly, we witnessed none of that size in the same quarter a year ago and only six last quarter. These mega-attacks each used multiple DDoS vectors to deliver large bandwidth-consuming packets at an extremely high rate of speed."
A brute force approach characterized the most significant campaigns in Q3 as attackers shifted towards new attack methods and enhanced older attack methods to consume more bandwidth. These record setting DDoS attack campaigns marked an 80 percent increase in average peak bandwidth in Q3 compared to the previous quarter and a four-fold increase from the same period a year ago. Q3 also saw an increase in average peak packets per second, recording a 10 percent increase over the previous quarter and a four-fold increase compared the same quarter in 2013.
Malicious actors have found ways to involve a wider base of devices to expand DDoS botnets and produce larger DDoS attacks. PLXsert has observed botnet-building efforts in which malicious actors sought to control systems by gaining access through vulnerable web applications on Linux-based machines. Attackers have also expanded to a new class of device including smartphones and embedded devices, such as customer-premises equipment (CPE), home cable modems, mobile devices, and a great variety of Internet-enabled devices including home-based and wearables within the category of the Internet of Things (IoT).
Attacks with both high bandwidth and high volume were made possible by the use of multi-vector attack methods. More sophisticated, multi-vector attacks became the norm this quarter, with more than half (53 percent) of all attacks utilizing multiple attack vectors. This was an 11 percent increase in multi-vector attacks compared to last quarter, and a nine percent increase compared to Q3 2013. Multi-vector attacks have been fueled by the increased availability of attack toolkits with easy-to-use interfaces as well as a growing DDoS-for-hire criminal industry.
Highlights from the Akamai PLXsert Q3 2014 State of the Internet - Security Report
Compared to Q3 2013
22 percent increase in total DDoS attacks
389 percent increase in average attack bandwidth
366 percent increase in average peak packets per second
44 percent decrease in application layer attacks
43 percent increase in infrastructure layer attacks
5 percent increase in average attack duration
9 percent increase in multi-vector attacks
Compared to Q2 2014
2 percent increase in total DDoS attacks
80 percent increase in average attack bandwidth
10 percent increase in average peak packets per second
2 percent increase in application layer attacks
2 percent increase in infrastructure layer attacks
29 percent increase in average attack duration
11 percent increase in multi-vector attacks
183 percent increase in high bandwidth (100+ Gbps) attacks: 17 vs. 6
Phishing attacks compromise media websites
During Q3, another kind of attack was also prominent – phishing attacks. Multiple phishing attacks targeted Google Enterprise users in order to harvest user credentials and gain access to confidential information. With this information, hacktivists successfully compromised third-party content feeds on popular media websites, such as CNN, the Associated Press and others.
The highest profile group of hacktivists targeting third-party content providers is the Syrian Electronic Army (SEA), which typically sends emails with a falsified link to a large number of employees in a targeted company or its third-party content provider. Users who click the link are presented with what looks like a login screen to harvest the user's sign-in credentials in a form of identity theft.
Corresponding to availability of the Q3 2014 State of the Internet – Security Report, Akamai is also announcing the launch of stateoftheinternet.com. This new portal serves as the home for content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats. Visitors to stateoftheinternet.com can find current and archived versions of Akamai's State of the Internet (Connectivity and Security) reports, the company's data visualizations, and other resources designed to help put context around the ever changing Internet landscape. Further, with the launch of stateoftheinternet.com also comes availability of the State of the Internet mobile app for Android. Visit http://www.stateoftheinternet.com/resources-report-state-of-the-internet.html for more information and to download the app.
Akamai® is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company’s solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.