More companies being hit by repeated DDoS attacks: Akamai

Latest DDoS metrics show Web application attacks surging, gamers dominating

Purveyors of distributed denial of service (DDoS) attacks are continuing to ramp up their game, with a growing number of companies being targeted multiple times and overall volumes of large attacks surging over last year.

Gamers dominated the findings of Akamai's latest quarterly State of the Internet Security report, which found that 55 percent of the 4523 observed DDoS attacks were targeted at gaming operators, typically to slow down or interrupt services to online rivals.

Software and technology companies were also heavily targeted, with 25 percent of observed attacks aimed at such companies, while more conventional industry sectors – including media & entertainment (5 percent), financial services (4 percent), and Internet and telecommunications (4 percent) companies – all suffered approximately the same volume of attacks.

Government institutions got off relatively lightly, accounting for just 2 percent of attacks – on par with retail and consumer-goods companies. Yet these figures represented an overall increase in attacks over the final quarter of 2015, with the total number of DDoS attacks increasing 23 percent and average attack duration up 8 percent on a quarterly basis.

Repeat attacks were observed across the spectrum, with one customer targeted by 4 percent or more of total Web application attacks in seven out of nine observed vectors. Another customer accounted for 12 percent of all attacks observed across the entire quarter, with 60 percent of Shellshock attacks targeted at just two companies.

Likely reflecting the dominance of gaming-related attacks, application-layer DDoS attacks surged 107 percent compared with the previous quarter while infrastructure-layer attacks increased by a more-modest, but still-significant, 23 percent.

DDoS attackers continued to experiment with new application attacks, with reflection attacks comprising 70 percent of all DDoS attacks by leveraging services like DNS and CHARGEN. Attacks leveraging Quote of the Day (QOTD) reflectors increased by 77 percent, while those leveraging NTP jumped 72 percent and CHARGEN reflectors, 67 percent.

Web application attacks using HTTPS increased 236 percent, in contrast to HTTP-based attacks, which were more or less flat. At an average of 16.14 hours, attacks were 35 percent shorter than they were a year ago. But with 59 percent of mitigated DDoS attacks using at least two attack vectors at once, Akamai Security Business Unit senior vice president and general manager Stuart Scholly said in a statement that increased ingenuity by DDoS perpetrators was “making defense more difficult” because each attack vector requires its own discrete mitigation controls.

“Perhaps more concerning,” he continued, “this multi-vector attacks functionality was not only used by the most clever of attackers, it has become a standard capability in the DDoS-for-hire marketplace and accessible to even the least skilled actors.”

The number of mega-attacks (those greater than 100Gbps combined bandwidth) jumped 137 percent, with 19 such attacks recorded during the quarter at up to 289 Gbps. Six attacks were recorded involving more than 30 million data packets per second.

Attacks exploiting Shellshock vulnerabilities surged 688 percent over the previous quarter, with JAVAi (up 340 percent), CMDi (up 221 percent), RFI (up 89 percent), SQLi (up 87 percent) and XSS (up 75 percent) all showing signs of rapid growth; only PHPi, which declined 92 percent over the previous quarter, had become less popular with DDoS perpetrators.

Akamai's State of the Internet figures are based on ongoing analysis through the company's Akamai Intelligent Platform, which analyses more than 15 percent of world Internet traffic to monitor global attack and traffic patterns. Its Cloud Security Intelligence engine includes over 2 petabytes of threat-intelligence data, including 10TB of application-layer attack data collected every day.

Previous reports have found Australia to be the world's second most-attacked Web application target, with the surge in shorter, larger attacks and surge in criminal misuse of stress-test services highlighted in last quarter's report.
