Akamai Technologies, the leading provider of cloud services for delivering, optimising and securing online content and business applications, has announced availability of the Q3 2014 State of the Internet – Security Report. Akamai’s Prolexic Security Engineering and Research Team (PLXsert) is a recognised leader in Distributed Denial of Service (DDoS) protection services and strategies. This quarter’s report, which provides analysis and insight into the global attack threat landscape including DDoS attacks, can be downloaded at www.stateoftheinternet.com/security-report.
“DDoS attack size and volume have gone through the roof this year,” said John Summers, vice president, Security Business Unit at Akamai Technologies. “In the third quarter alone, Akamai mitigated 17 attacks greater than 100 gigabits-per-second, with the largest at 321 Gbps. Interestingly, we witnessed none of that size in the same quarter a year ago and only six last quarter. These mega-attacks each used multiple DDoS vectors to deliver large bandwidth-consuming packets at an extremely high rate of speed.”
A brute force approach characterised the most significant campaigns in Q3 as attackers shifted towards new attack methods and enhanced older attack methods to consume more bandwidth. These record‑setting DDoS attack campaigns marked an 80 percent increase in average peak bandwidth in Q3 compared to the previous quarter and a four-fold increase from the same period a year ago. Q3 also saw an increase in average peak packets per second, recording a 10 percent increase over the previous quarter and a four-fold increase compared the same quarter in 2013.
Malicious actors have found ways to involve a wider base of devices to expand DDoS botnets and produce larger DDoS attacks. PLXsert has observed botnet-building efforts in which malicious actors sought to control systems by gaining access through vulnerable web applications on Linux-based machines. Attackers have also expanded to a new class of device including smartphones and embedded devices, such as customer-premises equipment (CPE), home cable modems, mobile devices, and a great variety of Internet-enabled devices including home-based and wearables within the category of the Internet of Things (IoT).
Attacks with both high bandwidth and high volume were made possible by the use of multi-vector attack methods. More sophisticated, multi-vector attacks became the norm this quarter, with more than half (53 per cent) of all attacks utilising multiple attack vectors. This was an 11 per cent increase in multi-vector attacks compared to last quarter, and a nine percent increase compared to Q3 2013. Multi-vector attacks have been fueled by the increased availability of attack toolkits with easy-to-use interfaces as well as a growing DDoS-for-hire criminal industry.
Highlights from the Akamai PLXsert Q3 2014 State of the Internet – Security Report
Compared to Q3 2013
- 22 per cent increase in total DDoS attacks
- 389 per cent increase in average attack bandwidth
- 366 per cent increase in average peak packets per second
- 44 per cent decrease in application layer attacks
- 43 per cent increase in infrastructure layer attacks
- 5 per cent increase in average attack duration
- 9 per cent increase in multi-vector attacks
Compared to Q2 2014
- 2 per cent increase in total DDoS attacks
- 80 per cent increase in average attack bandwidth
- 10 per cent increase in average peak packets per second
- 2 per cent increase in application layer attacks
- 2 per cent increase in infrastructure layer attacks
- 29 per cent increase in average attack duration
- 11 per cent increase in multi-vector attacks
- 183 per cent increase in high bandwidth (100+ Gbps) attacks: 17 vs. 6
Phishing attacks compromise media websites
During Q3, another kind of attack was also prominent – phishing attacks. Multiple phishing attacks targeted Google Enterprise users in order to harvest user credentials and gain access to confidential information. With this information, hacktivists successfully compromised third-party content feeds on popular media websites, such as CNN, the Associated Press and others.
The highest profile group of hacktivists targeting third-party content providers is the Syrian Electronic Army (SEA), which typically sends emails with a falsified link to a large number of employees in a targeted company or its third-party content provider. Users who click the link are presented with what looks like a login screen to harvest the user’s sign-in credentials in a form of identity theft.
A complimentary copy of the Akamai PLXsert Q3 2014 State of the Internet – Security Report is available as a free PDF download at www.stateoftheinternet.com/security-report.