Computerworld

State of the Internet - Who’s getting breached?

“The threat posed by distributed denial of service (DDoS) and web application attacks continues to grow each quarter.”

That’s the view of John Summers, vice president, Cloud Security Business Unit, Akamai Technologies, fresh from releasing the Q2 2015 State of the Internet - Security Report.

“Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated,” Summers adds.

“By analysing the attacks observed over our networks, we’re able to identify emerging threats and trends and provide the public with the information to harden their networks, websites and applications and improve their cloud security profiles.

“For example, for this report, we not only added two web application attack vectors to our analysis, we also examined the perceived threat posed by the onion router (Tor) traffic and even uncovered some new vulnerabilities in third-party WordPress plugins which are being published as CVEs.

“The more you know about cyber security threats, the better you can defend your enterprise.”

DDoS attack activity at a glance

Summers says the number of DDoS attacks has doubled year over year for the past three quarters.

And while attackers favoured less powerful but longer duration attacks this quarter, the number of dangerous mega attacks continues to increase.

In Q2 2015, there were 12 attacks peaking at more than 100 gigabits per second (Gbps) and five attacks peaking at more than 50 million packets per second (Mpps).

According to Summers, very few organisations have the capacity to withstand such attacks on their own.

The largest DDoS attack of Q2 2015 measured more than 240 gigabits per second (Gbps) and persisted for more than 13 hours.

Peak bandwidth is typically constrained to a one- to two-hour window. Q2 2015 also saw one of the highest packet rate attacks ever recorded across the Prolexic Routed network, which peaked at 214 Mpps.

According to Summers, that attack volume is capable of taking out tier 1 routers, such as those used by Internet service providers (ISPs).

DDoS attack activity set a new record in Q2 2015, increasing 132 percent compared to Q2 2014 and increasing 7 percent compared to Q1 2015.

Average peak attack bandwidth and volume increased slightly in Q2 2015 compared to Q1 2015, but remained significantly lower than the peak averages observed in Q2 2014.

Meanwhile, SYN and Simple Service Discovery Protocol (SSDP) were the most common DDoS attack vectors this quarter - each accounting for approximately 16 percent of DDoS attack traffic.

The proliferation of unsecured home-based, Internet-connected devices using the Universal Plug and Play (UPnP) Protocol continues to make them attractive for use as SSDP reflectors.

Practically unseen a year ago, SSDP attacks have been one of the top attack vectors for the past three quarters.

SYN floods have continued to be one of the most common vectors in all volumetric attacks, dating back to the first edition of the security reports in Q3 2011.

Online gaming has remained the most targeted industry since Q2 2014, consistently being targeted in about 35 percent of DDoS attacks.

China has remained the top source of non-spoofed attack traffic for the past two quarters, and has been among the top three source countries since the very first report was issued in Q3 2011.

At a glance

Compared to Q2 2014

• 132.43 percent increase in total DDoS attacks

• 122.22 percent increase in application layer (Layer 7) DDoS attacks

• 133.66 percent increase in infrastructure layer (Layer 3 & 4) attacks

• 18.99 percent increase in the average attack duration: 20.64 vs. 17.35 hours

• 11.47 percent decrease in average peak bandwidth

• 77.26 percent decrease in average peak volume

• 100 percent increase in attacks > 100 Gbps: 12 vs. 6

Compared to Q1 2015

• 7.13 percent increase in total DDoS attacks

• 17.65 percent increase in application layer (Layer 7) DDoS attacks

• 6.04 percent increase in infrastructure layer (Layer 3 & 4) attacks

• 16.85 percent decrease in the average attack duration: 20.64 vs. 24.82 hours

• 15.46 percent increase in average peak bandwidth

• 23.98 percent increase in average peak volume

• 50 percent increase in attacks > 100 Gbps: 12 vs. 8

• As in Q1 2015, China is the quarter's top country producing DDoS attacks