Akamai: DDoS attacks up thanks to criminal misuse of stress-test services

The upside is that the duration of attacks is shorter.

Criminals are tapping Web-based services that are advertised as tools for stress testing customers’ networks but are in fact using them to launch DDoS attacks against victims, according to Akamai.

The paid sites can make DDoS attacks a viable option for actors looking to shut down targeted servers, the company says in its “State of the Internet/Security Q3 2015” report. “Many of the sites are simply DDoS-for-hire tools in disguise, relying on the use of reflection attacks to generate their traffic,” the report says.


One byproduct of this trend is that attacks are shorter than they have been in past quarters.

These subscription sites limit the duration of attacks to somewhere between 20 minutes and an hour, Akamai says. “Instead of spending time and effort to build and maintain DDoS botnets, it’s far easier for attackers to use booter-stresser tools to exploit network devices and unsecured service protocols,” according to the report.

These tools can’t generate the big attacks that can be launched from DDoS botnets, but attackers may use them because, for a time at least, they give an aura of anonymity by masking the origin of attacks.

Akamai DDoS report

The report is based on data observed and identified by Akamai on its network of more than 200,000 servers in more than 100 countries. The data can be influenced over time by the mix of Akamai’s customer base, new products and new attack-detection tools, which may skew trends. Its network transmits 15% to 30% of Internet traffic.

Despite a drop in attack duration, the average attack detected during the quarter still lasted 18.86 hours, a drop from 22.36 hours a year ago.

The report says there are more DDoS attacks than at the same time last year, but they don’t last as long on average and there are fewer attacks greater than 100GB. The number of the biggest attacks detected by Akamai over the quarter, those over 100GBps, has dropped to eight from 17 in the same quarter of 2015.

Half of all DDoS attacks were against gaming sites, with software and technology firms combining to tally another 25%.

There were 1,510 DDoS attacks recorded for the quarter, up 180% from the year before and up 23% from the quarter before. Application layer DDoS attacks were up 26% over last year and infrastructure layer attacks nearly tripled, up 198%.

Web apps attacks were launched mainly against home networks.

The report looked at where attacks originate and found that the U.K. (26%) was the source of the largest percentage of DDoS attacks, followed by China (21%) and the U.S. (17%). Leaders in this category have fluctuated. Last quarter the top three were China (37%), U.S. (18%) and U.K. (10%). Last year it was China (20%), Brazil (17.5%) and Mexico (14%).

The report makes a number of predictions:

  • Expect more records set for DDoS attacks, with varying attack methods.
  • Because of the huge number of users and vulnerable devices located in the U.S., it will remain the top source of malicious traffic.
  • Attacks against gaming will continue as players look for competitive edges and as platforms remain vulnerable.
  • Retailers will suffer the vast majority of Web apps attacks because successful exploits prove so lucrative.


Stories by Tim Greene
