More companies being hit by repeated DDoS attacks: Akamai

Latest DDoS metrics show Web application attacks surging, gamers dominating

Purveyors of distributed denial of service (DDoS) attacks are continuing to ramp up their game, with a growing number of companies being targeted multiple times and overall volumes of large attacks surging over last year.

Gamers dominated the findings of Akamai's latest quarterly State of the Internet Security report, which found that 55 percent of the 4523 observed DDoS attacks were targeted at gaming operators, typically to slow down or interrupt services to online rivals.

Software and technology companies were also heavily targeted, with 25 percent of observed attacks aimed at such companies, while more conventional industry sectors – including media & entertainment (5 percent), financial services (4 percent), and Internet and telecommunications (4 percent) – all suffered approximately the same volume of attacks.

Government institutions got off relatively lightly, accounting for just 2 percent of attacks – on par with retail and consumer-goods companies. Yet these figures represented an overall increase in attacks over the final quarter of 2015, with the total number of DDoS attacks increasing 23 percent and average attack duration up 8 percent on a quarterly basis.

Repeat attacks were observed across the spectrum, with one customer targeted by 4 percent or more of total Web application attacks in seven out of nine observed vectors. Another customer accounted for 12 percent of all attacks observed across the entire quarter, with 60 percent of Shellshock attacks targeted at just two companies.

Likely reflecting the dominance of gaming-related attacks, application-layer DDoS attacks surged 107 percent compared with the previous quarter while infrastructure-layer attacks increased by a more-modest, but still-significant, 23 percent.

DDoS attackers continued to experiment with new application attacks, with reflection attacks comprising 70 percent of all DDoS attacks by leveraging services like DNS and CHARGEN. Attacks leveraging Quote of the Day (QOTD) reflectors increased by 77 percent, while those leveraging NTP jumped 72 percent and CHARGEN reflectors, 67 percent.

Web application attacks using HTTPS increased 236 percent, in contrast to HTTP-based attacks that were more or less flat. At an average of 16.14 hours, attacks were 35 percent shorter than they were a year ago. But with 59 percent of mitigated DDoS attacks using at least two attack vectors at once, Akamai Security Business Unit senior vice president and general manager Stuart Scholly said in a statement that increased ingenuity by DDoS perpetrators was “making defense more difficult” because each attack vector requires its own discrete mitigation controls.

“Perhaps more concerning,” he continued, “this multi-vector attacks functionality was not only used by the most clever of attackers, it has become a standard capability in the DDoS-for-hire marketplace and accessible to even the least skilled actors.”

The number of mega-attacks (those greater than 100 Gbps combined bandwidth) jumped 137 percent, with 19 such attacks recorded during the quarter at up to 289 Gbps. Six attacks were recorded involving more than 30 million data packets per second.

Attacks exploiting Shellshock vulnerabilities surged 688 percent over the previous quarter, with JAVAi (up 340 percent), CMDi (up 221 percent), RFI (up 89 percent), SQLi (up 87 percent) and XSS (up 75 percent) all showing signs of rapid growth; only PHPi, which declined 92 percent over the previous quarter, had become less popular with DDoS perpetrators.

Akamai's State of the Internet figures are based on ongoing analysis through the company's Akamai Intelligent Platform, which analyses more than 15 percent of world Internet traffic to monitor global attack and traffic patterns. Its Cloud Security Intelligence engine includes over 2 petabytes of threat-intelligence data, including 10TB of application-layer attack data collected every day.

Previous reports have found Australia to be the world's second most-attacked Web application target, with the surge in shorter, larger attacks and surge in criminal misuse of stress-test services highlighted in last quarter's report.
