Akamai PLXsert's Q4 2014 State of the Internet - Security Report Released
Number of DDoS attacks nearly doubled in a year; expanded global DDoS traffic sources; nearly half of all DDoS attacks used multiple attack vectors
Akamai Technologies, Inc. (NASDAQ: AKAM), the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today announced the availability of the Q4 2014 State of the Internet – Security Report. The report is produced by Akamai's Prolexic Security Engineering and Research Team (PLXsert), leading professionals in distributed denial of service (DDoS) protection and cloud security services and strategies. This quarter’s report, which provides analysis and insight into the global attack threat landscape including DDoS attacks observed across the PLXrouted network, can be downloaded at www.stateoftheinternet.com/security-report.
"An incredible number of DDoS attacks occurred in the fourth quarter, almost double what we observed in Q4 a year ago," said John Summers, vice president, Cloud Security Business Unit, Akamai. "Denial of service is a common and active threat to a wide range of enterprises. The DDoS attack traffic was not limited to a single industry in the news, such as online entertainment in December. Instead, attacks were spread among a wide variety of industries."
Akamai also observed a 90 percent increase in average peak bandwidth of DDoS attacks compared to Q4 a year ago. Large packets of unwanted network traffic can quickly sap an enterprise's ability to respond to legitimate customers, resulting in denial of service outages. Most unprotected sites cannot withstand a typical DDoS attack. As a result, DDoS attacks have become part of the common cybersecurity threatscape that all enterprises with an online presence must anticipate in a risk assessment.
DDoS-for-hire and the rise of reflection and multi-vector attacks
Resourceful DDoS-for-hire booter suites took a low-investment approach by tapping into reflection-based DDoS attacks. Nearly 40 percent of all DDoS attacks used reflection techniques, which rely on Internet protocols that respond with more traffic than they receive and do not require an attacker to gain control over the server or device.
Widespread availability of for-hire DDoS services allowed low-level, non-technical attackers to purchase ready-to-use DDoS services. The expansion of the DDoS-for-hire market also promoted the use of multi-vector campaigns, as the competitive market drove attack innovation. Significantly more multi-vector attacks were observed – 88 percent more than in Q4 2013. More than 44 percent of all attacks used multiple attack vectors.
Changing global distribution of DDoS targets and sources
DDoS attacks were distributed more evenly around the clock in Q4, a DDoS trend that appears to be fueled by an increasing number of targets of greater value in previously underrepresented geographic locations. In addition, geographical sources of malicious traffic have shifted. The United States and China continued as the lead source countries for DDoS traffic, but instead of the BRIC block that dominated in Q3 2014, Q4 DDoS attack traffic came in large part from the United States, China and Western Europe.
Highlights from the Akamai PLXsert Q4 2014 State of the Internet – Security Report
Compared to Q4 2013
90 percent more DDoS attacks
52 percent increase in average peak bandwidth
77 percent decrease in average peak packets per second
16 percent less application layer attacks
58 percent more infrastructure layer attacks
28 percent increase in average attack duration
84 percent more multi-vector attacks
9 vs. zero 100+ Gbps attacks
Compared to Q3 2014
57 percent more DDoS attacks
54 percent decrease in average peak attack bandwidth
83 percent decrease in average peak packets per second
51 percent increase in web application layer attacks
121 percent more infrastructure layer attacks
31 percent increase in average attack duration
38 percent more multi-vector attacks
47 percent fewer 100+ Gbps attacks (9 vs. 17)
A look into botnets
Malware is often used for DDoS botnet expansion. Malware trends – multiplatform, operating system awareness, and destructive malware – are described in the Security Report. In addition, Akamai profiled multiple web application attack botnets using a new analysis technique that takes advantage of data gleaned from the Akamai Intelligent Platform™. The identified botnets were set up to automate the discovery of web application vulnerabilities for Remote File Inclusion (RFI) and Operating System (OS) Command Injection attacks. Akamai researchers profiled the botnets by identifying malicious code resource URLs and payloads that were identical among seemingly unrelated attacks. An attack payload was used to aggregate data and map botnet activity, actors and victim web applications. This profiling technique can help identify more attack sources.
Mitigation of bots, scrapers and spiders
While denial of service attacks impacts site performance significantly, web crawlers can also affect site performance to a lesser degree. The most poorly coded crawlers may even resemble DDoS traffic. Akamai classifies web crawlers based on desirability and impact on site performance. The Security Report provides advice on classifying and mitigating their effects.
Akamai's stateoftheinternet.com shares content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats. Visitors to stateoftheinternet.com can find current and archived versions of Akamai's State of the Internet (Connectivity and Security) reports, the company's data visualizations and other resources designed to help put context around the ever changing Internet landscape.
Akamai® is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company’s solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with unmatched reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.