Australia continues to punch well above its weight as a target for online attacks, with new figures from content distribution network Akamai putting us second in the world – behind only the United States – as a target for online Web attacks.
Figures in Akamai's Q1 2015 State of the Internet security report, the latest in a series of quarterly reviews of some 10TB of attack data picked from traffic along Akamai's network, found that Australian sites were targeted in 2.27 percent of attacks. This put the country ahead of the UK (2.18 percent), Japan (1.8 percent), India (1.49 percent), Canada (1.26 percent) and Korea (1.07 percent).
Interestingly, New Zealand – which often mirrors Australian trends – was nowhere to be seen in the top 10, registering less than a third of Australia's proportion of attacks.
The figures pale by comparison to those for the US, which according to the figures received 81.61 percent of all attacks. That's consistent with other surveys of recent security activity, which have found Australia is particularly susceptible to ransomware attacks – with the new CryptoWall 3.0, in particular, proving to be twice as effective against ANZ targets than anywhere else in the world – despite being relatively good at avoiding mobile and other forms of malware.
Vulnerabilities in SSLv3, including POODLE, Shellshock and Heartbleed, drove Akamai to recommend that users disable SSLv3 where possible.
The company also offered detailed analysis of distributed denial of service (DDoS) attacks, with eight 'mega attacks' of up to 170Gbps intensity leveled against Akamai customers during the first quarter. Five of those attacks came in the last week of March alone.
Compared with the same quarter a year ago, the volume of DDoS attacks increased by 117 percent and the volume of infrastructure layer attacks increased by 125 percent. Average attack duration increased by 43 percent, although a 39 percent decrease in average peak bandwidth and 89 percent decrease in average peak packets per second.
“Typical DDoS attack profiles are shifting, with a decrease in bandwidth but an increase in frequency and duration,” the report's authors noted.
“Though the average DDoS attack is not high bandwidth, attackers have developed methods to make 100+ Gbps attacks easier and accessible in the DDoS-for-hire market.”
By contrast, earlier reports suggested DDoS attacks against Australian targets were increasing in intensity but lasting half as long as the regional average.
The type of DDoS attacks shifted considerably compared with the same period in 2014, with NTP attacks down from 16.61 percent of all attacks to just 6.87 percent and DNS (8.95 percent down to 5.93 percent), ICMP (9.82 percent to 3.59 percent) and HTTP POST (2.37 percent down to 0.70 percent) based attacks among those seeing a dramatic fall-off.
Attacks against SSDP, on the other hand, did not register in 2014 but comprised 20.78 percent of all attacks in the first quarter of this year. UDP flood attacks also grew, from 10.36 percent to 13.25 percent of attacks, while CHARGEN attacks equally increased from 3.45 percent to 5.78 percent.
Russia, Korea, the UK, India, Germany and China all surged as sources of DDoS attacks from the fourth quarter of 2014, while the US actually plummeted as a DDoS source – from 31.54 percent of attacks in the previous quarter to just 12.18 percent of attacks in the first quarter of this year.
This article is brought to you by Enex TestLab, content directors for CSO Australia.