Criminals are tapping Web-based services that are advertised as tools to stress test customers’ networks but in actuality they are using them to launch DDoS attacks against victims, according to Akamai.
The paid sites can make DDoS attacks a viable option for actors looking to shut down targeted servers, the company says in its “State of the Internet/Security Q3 2015” report. “Many of the sites are simply DDoS-for-hire tools in disguise, relying on the use of reflection attacks to generate their traffic,” the report says.
+More on Network World: DARPA scheme would let high-tech systems “see” as never before+
One byproduct of this trend is that the duration of attacks is smaller than it has been during past quarters.
These subscription sites limit the duration of attacks to somewhere between 20 minutes and an hour, Akamai says. “Instead of spending time and effort to build and maintain DDoS botnets, it’s far easier for attackers to use booter-stresser tools to exploit network devices and unsecured service protocols,” according to the report.
These tools can’t generate the big attacks that can be launched from DDoS botnets, but attackers may use them because, for a time at least, they give an aura of anonymity by masking the origin of attacks.
The report is based on data observed and identified by Akamai on its network of more than 200,000 servers in more than 100 countries. The data can be influenced over time by the mix of Akamai’s customer base, new products and new attack-detection tools, so which may skew trends. Its network transmits 15% to 30% of Internet traffic.
Despite a drop in attack duration, the average attack detected during the quarter still lasted 18.86 hours, a drop from 22.36 hours a year ago.
The report says there are more DDoS attacks compared to last year at the same time and they not only don’t last as long on average and there are fewer attacks greater than 100GB. The number of biggest attacks detected by Akamai over the quarter, those over 100GBps, has dropped to eight from 17 in the same quarter of 2015.
Half of all DDoS attacks were against gaming sites, with software and technology firms combining to tally another 25%.
There were 1,510 DDoS attacks recorded for the quarter, up 180% from the year before and up 23% from the quarter before. Application layer DDoS attacks were up 26% over last year and infrastructure layer attacks nearly tripled, up 198%.
Web apps attacks were launched mainly against home networks.
The report took a look at where attacks originate and found that the U.K. (26%) was the source of the largest percentage of DDoS attacks, followed by China (21%) and the U.S. (17). Leaders in this category have fluctuated. Last quarter the top three were China (37%), U.S. (18%) and U.K. (10%). Last year it was China (20%), Brazil (17.5%) and Mexico (14%).
The report makes a number of predictions:
- Expect more records set for DDoS attacks, with varying attack methods.
- Because of the huge number of users and vulnerable devices located in the U.S., it will remain the top source of malicious traffic.
- Attacks against gaming will continue as players look for competitive edges and as platforms remain vulnerable.
- Retailers will suffer the vast majority of Web apps attacks because successful exploits prove so lucrative.