CAMBRIDGE, Mass., Dec. 8, 2015 /PRNewswire/ --
- Akamai mitigated a record 1,510 DDoS attacks, a 180%
increase over Q3 a year ago; and 23% more than last
quarter
- The use of reflection-based DDoS methods by DDoS-for-hire
sites resulted in smaller attacks on average than we have observed
from infection-based botnets
- Retail suffered the vast majority of web application attacks
-- 55%; online gaming hit by the most DDoS attacks; media and
entertainment faced more of the biggest DDoS attacks
Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in
content delivery network (CDN) services, today announced the
availability of the Q3 2015 State of the Internet – Security
Report. The Q3 2015 report, which provides analysis and insight
into the global cloud security threat landscape, can be downloaded
at www.stateoftheinternet.com/security-report.
"Akamai has been seeing greater numbers of denial of service
attacks every quarter, and the upward trend continued in the most
recent quarter. Although recent DDoS attacks were on average
smaller and shorter, they still posed a significant cloud security
risk," said John Summers, vice
president, Cloud Security Business Unit, Akamai. "Attacks are being
fueled by the easy availability of DDoS-for-hire sites that
identify and abuse exposed Internet services, such as SSDP, NTP,
DNS, CHARGEN, and even Quote of the Day."
DDoS attack activity at a glance
DDoS attack activity
across the Akamai routed network jumped 23% this quarter from
already record levels to 1,510 attacks, an increase of 180% over Q3
2014. Although there were substantially more attacks, on average
the attacks were shorter with lower average peak bandwidth and
volume. Mega attacks (greater than 100 Gbps) were fewer: eight were
recorded in Q3 compared to 12 in Q2 and 17 in Q3 a year ago. The
largest bandwidth DDoS attack in Q3 – leveraging the XOR DDoS
botnet – measured 149 Gbps. This was down from the peak 250 Gbps
DDoS attack last quarter. Of the eight mega attacks, the media and
entertainment sector was targeted most frequently, with three
attacks.
While attack bandwidth was down, Q3 hit a record by a different
measure of attack size. A firm in the media and entertainment
industry was hit by a record-breaking 222 million packets per
second (Mpps) DDoS attack, a small increase over a record-breaking
attack of 214 Mpps in Q2. This large attack can be compared to an
average peak volume of 1.57 Mpps for all DDoS attacks observed by
Akamai in Q3. An attack of this size could bring down a tier 1
router, such as those used by Internet service providers
(ISPs).
The online gaming sector was hit particularly hard by DDoS
attacks in Q3 2015, accounting for 50% of the recorded DDoS
attacks. Gaming was followed by software and technology, which
suffered 25% of all attacks. Online gaming has been the most
targeted industry for more than a year.
Reflection-based DDoS attacks are proving more popular than
infection-based DDoS. Instead of spending time and effort to build
and maintain DDoS botnets as they did in the past, more DDoS
attackers have been exploiting the existing landscape of exposed
network devices and unsecured service protocols. Whereas reflection
DDoS attacks accounted for only 5.9% of all DDoS traffic in Q3
2014, these attack vectors accounted for 33.19% of DDoS traffic in
Q3 2015.
Akamai Edge Firewall, a new source for DDoS attack
data
For the first time, the security report also includes
attack activity observed across the Akamai Edge Firewall, our
global platform perimeter. Edge Firewall data sets provide a broad
look at attack activity at the global platform perimeter—with
information on attack traffic coming from more than 200,000 servers
outfitted with Akamai technology. We identified that the top 10
source ASNs of attack traffic originated primarily from
China and other Asian countries,
while reflectors in the US and Europe were more commonly leveraged in a
distributed manner.
DDoS metrics
Compared with Q3 2014
- 179.66% increase in total DDoS attacks
- 25.74% increase in application layer (Layer 7) DDoS
attacks
- 198.1% increase in infrastructure layer (Layer 3 & 4) DDoS
attacks
- 15.65% decrease in average attack duration: 18.86 vs. 22.36
hours
- 65.58% decrease in average peak attack bandwidth
- 88.72% decrease in average peak attack volume
- 462.44% increase in reflection attacks
- 52.94% decrease in attacks > 100 Gbps: 8 vs. 17
Compared with Q2 2015
- 22.79% increase in total DDoS attacks
- 42.27% decrease in application layer (Layer 7) DDoS
attacks
- 30.21% increase in infrastructure layer (Layer 3 & 4) DDoS
attacks
- 8.87% decrease in average attack duration: 18.86 vs. 20.64
hours
- 25.13% decrease in average peak attack bandwidth
- 42.67% decrease in average peak attack volume
- 40.14% increase in reflection attacks
- 33.33% decrease in attacks > 100 Gbps: 8 vs. 12
Web application attack activity
In Q2 2015, the
Shellshock vulnerability dominated web application attacks
utilizing HTTPS, but this was not the case in Q3. As a result, the
percentage of web application attacks sent over HTTP vs. HTTPS
returned to a more typical level (88% via HTTP, 12% via HTTPS). The
use of web application attacks over HTTPS is likely to rise as more
sites adopt TLS-enabled traffic as a standard security layer.
Attackers may also use HTTPS in an attempt to penetrate back-end
databases, which are typically accessed from applications served
via HTTPS.
As in previous quarters, local file inclusion (LFI) and SQL
injection (SQLi) attacks were by far the most prevalent web
application attack vectors of those ranked. The retail industry was
hit hardest, receiving 55% of web application attacks, with the
financial services industry a distant second, receiving 15% of
attacks. Web application attacks relied heavily on botnets that
take advantage of unsecured home-based routers and devices.
The third quarter was also notable for an increase in WordPress
plugin attack attempts, not only for popular plugins but also for
less-known vulnerable plugins.
In Q3 2015, the US was the main source of web application
attacks, accounting for 59% of attack origin traffic, and was also
the target of 75% of these attacks. The top three attacking
Autonomous System Number (ASNs) were associated with virtual
private systems (VPS) owned by well-known cloud providers in the
US. Many of the cloud-based virtual servers that are launched each
day lack sufficient security and are compromised and used in a
botnet or other attack platform.
A look at website scrapers
A scraper is a specific
type of bot whose purpose is to acquire data from targeted
websites, store and analyze it, and then sell or use the data. One
example of a benign scraper is a search engine bot. Other examples
are rate aggregators, resellers and SEO analytics services. A
section of the security report discusses scrapers and provides an
easy way to identify them.
Web application attack metrics
Compared with Q2
2015
- 96.36% increase in HTTP web application attacks
- 79.02% decrease in HTTPS web application attacks
- 21.64% increase in SQLi attacks
- 204.73% increase in LFI attacks
- 57.55% increase in RFI attacks
- 238.98% increase in PHPi attacks
Download the report
A complimentary copy of
the Q3 2015 State of the Internet - Security Report is
available as a free PDF download at
http://www.stateoftheinternet.com/security-report.
About stateoftheinternet.com
Akamai's
stateoftheinternet.com shares content and information intended to
provide an informed view into online connectivity and cybersecurity
trends as well as related metrics, including Internet connection
speeds, broadband adoption, mobile usage, outages, and
cyber-attacks and threats. Visitors to stateoftheinternet.com can
find current and archived versions of Akamai's State of the
Internet (Connectivity and Security) reports, the company's data
visualizations and other resources designed to help put context
around the ever changing Internet landscape.
About Akamai
As the global leader in Content Delivery
Network (CDN) services, Akamai makes the Internet fast, reliable
and secure for its customers. The company's advanced web
performance, mobile performance, cloud security and media delivery
solutions are revolutionizing how businesses optimize consumer,
enterprise and entertainment experiences for any device, anywhere.
To learn how Akamai solutions and its team of Internet experts are
helping businesses move faster forward, please visit
www.akamai.com or blogs.akamai.com, and follow @Akamai on
Twitter.
|
|
Akamai
Contacts:
|
|
|
|
Rob Morton
|
Tom Barth
|
Media
Relations
|
Investor
Relations
|
617-444-3641
|
617-274-7130
|
rmorton@akamai.com
|
tbarth@akamai.com
|
|
|
Logo - http://photos.prnewswire.com/prnh/20100225/AKAMAILOGO
To view the original version on PR Newswire,
visit:http://www.prnewswire.com/news-releases/akamai-releases-q3-2015-state-of-the-internet---security-report-300189388.html
SOURCE Akamai Technologies, Inc.