It uses data gathered by its own software to analyse threats to cloud security and discover seasonal trends.
“As we saw with the Mirai botnet attacks during the third quarter, unsecured IoT devices continued to drive significant DDoS attack traffic,” said report editor Martin McKeay. “With the predicted exponential proliferation of these devices, threat agents will have an expanding pool of resources to carry out attacks, validating the need for companies to increase their security investments. Additional emerging system vulnerabilities are expected before devices become more secure.”
According to Akamai, the analysis highlights are:
DDoS attacks
- Attacks greater than 100Gbit/s increased 140% year-over-year from Q4 2015
- The largest DDoS attack in Q4 2016, which peaked at 517Gbit/s, came from Spike, a non-IoT botnet that has been around for more than two years.
- Seven of the 12 Q4 2016 mega attacks, those with traffic greater than 100Gbit/s, can be directly attributed to Mirai.
- The number of IP addresses involved in DDoS attacks grew significantly this quarter, despite DDoS attack totals dropping overall.
- The United States sourced the most IP addresses participating in DDoS attacks – more than 180,000.
Web application attacks
- The United States remained the top source country for web application attacks, showing a 7% increase from Q3 2016.
- SQL injection (SQLi), local file inclusion (LFI) and cross-site scripting (XSS) accounted for 95% of observed web application attacks in Q4 2016, similar to Q3 2016.
- The number of web application attacks in Q4 2016 was down 19% from Q4 2015; however, research into retail traffic over the United States Thanksgiving holiday week revealed an upward trend for four sub-verticals (apparel and footwear, consumer portals, consumer electronics, and media and entertainment), all of which suffered significant web application attacks.
Top attack vectors
- Of the 25 DDoS attack vectors tracked in Q4 2016, the top three were UDP fragment (27%), DNS (21%) and NTP (15%), while overall DDoS attacks decreased by 16%.
- Akamai added a new reflection DDoS attack vector this quarter, Connectionless Lightweight Directory Access Protocol (CLDAP), which attackers abuse to amplify DDoS traffic.
“If anything, our analysis of Q4 2016 proves the old axiom ‘expect the unexpected’ to be true for the world of web security,” said McKeay. “For example, perhaps the attackers in control of Spike felt challenged by Mirai and wanted to be more competitive. If that’s the case, the industry should be prepared to see other botnet operators testing the limits of their attack engines, generating ever larger attacks.”
Stephen Gates, analyst at network security firm NSFocus, cautions against misunderstanding the US being the primary source of DDoS and web app attacks. “Remember, botnet-infected machines, including IoT, don’t launch DDoS attacks on their own. It’s the criminal that is controlling them who is responsible; and that person can be located anywhere in the world,” he said.