Akamai Technologies, Inc., the global leader in content delivery network (CDN) services, today announced the availability of the Q3 2015 State of the Internet - Security Report.
The Q3 2015 report, which provides analysis and insight into the global cloud security threat landscape, can be downloaded at www.stateoftheinternet.com/security-report.
"Akamai has been seeing greater numbers of denial of service attacks every quarter, and the upward trend continued in the most recent quarter. Although recent DDoS attacks were on average smaller and shorter, they still posed a significant cloud security risk," said John Summers, vice president, Cloud Security Business Unit, Akamai.
He further stated, "Attacks are being fueled by the easy availability of DDoS-for-hire sites that identify and abuse exposed Internet services, such as SSDP, NTP, DNS, CHARGEN, and even Quote of the Day."
DDoS attack activity across the Akamai routed network jumped 23 percent this quarter from already record levels to 1,510 attacks, an increase of 180 percent over Q3 2014. Although there were substantially more attacks, on average the attacks were shorter with lower average peak bandwidth and volume. Mega attacks (greater than 100 Gbps) were fewer: eight were recorded in Q3 compared to 12 in Q2 and 17 in Q3 a year ago. The largest bandwidth DDoS attack in Q3 - leveraging the XOR DDoS botnet - measured 149 Gbps. This was down from the peak 250 Gbps DDoS attack last quarter. Of the eight mega attacks, the media and entertainment sector was targeted most frequently, with three attacks.
While attack bandwidth was down, Q3 hit a record by a different measure of attack size. A firm in the media and entertainment industry was hit by a record-breaking 222 million packets per second (Mpps) DDoS attack, a small increase over a record-breaking attack of 214 Mpps in Q2. This large attack can be compared to an average peak volume of 1.57 Mpps for all DDoS attacks observed by Akamai in Q3. An attack of this size could bring down a tier 1 router, such as those used by Internet service providers (ISPs).
The online gaming sector was hit particularly hard by DDoS attacks in Q3 2015, accounting for 50 percent of the recorded DDoS attacks. Gaming was followed by software and technology, which suffered 25 percent of all attacks. Online gaming has been the most targeted industry for more than a year.
Reflection-based DDoS attacks are proving more popular than infection-based DDoS. Instead of spending time and effort to build and maintain DDoS botnets as they did in the past, more DDoS attackers have been exploiting the existing landscape of exposed network devices and unsecured service protocols. Whereas reflection DDoS attacks accounted for only 5.9 percent of all DDoS traffic in Q3 2014, these attack vectors accounted for 33.19 percent of DDoS traffic in Q3 2015.
For the first time, the security report also includes attack activity observed across the Akamai Edge Firewall, our global platform perimeter. Edge Firewall data sets provide a broad look at attack activity at the global platform perimeter, with information on attack traffic coming from more than 200,000 servers outfitted with Akamai technology. We identified that the top 10 source ASNs of attack traffic originated primarily from China and other Asian countries, while reflectors in the US and Europe were more commonly leveraged in a distributed manner.
In Q2 2015, the Shellshock vulnerability dominated web application attacks utilizing HTTPS, but this was not the case in Q3. As a result, the percentage of web application attacks sent over HTTP vs. HTTPS returned to a more typical level (88 percent via HTTP, 12 percent via HTTPS). The use of web application attacks over HTTPS is likely to rise as more sites adopt TLS-enabled traffic as a standard security layer. Attackers may also use HTTPS in an attempt to penetrate back-end databases, which are typically accessed from applications served via HTTPS.
As in previous quarters, local file inclusion (LFI) and SQL injection (SQLi) attacks were by far the most prevalent web application attack vectors of those ranked. The retail industry was hit hardest, receiving 55 percent of web application attacks, with the financial services industry a distant second, receiving 15 percent of attacks. Web application attacks relied heavily on botnets that take advantage of unsecured home-based routers and devices.
The third quarter was also notable for an increase in WordPress plugin attack attempts, not only for popular plugins but also for less-known vulnerable plugins.
In Q3 2015, the US was the main source of web application attacks, accounting for 59 percent of attack origin traffic, and was also the target of 75 percent of these attacks. The top three attacking Autonomous System Numbers (ASNs) were associated with virtual private systems (VPS) owned by well-known cloud providers in the US. Many of the cloud-based virtual servers that are launched each day lack sufficient security and are compromised and used in a botnet or other attack platform.
A scraper is a specific type of bot whose purpose is to acquire data from targeted websites, store and analyze it, and then sell or use the data. One example of a benign scraper is a search engine bot. Other examples are rate aggregators, resellers and SEO analytics services. A section of the security report discusses scrapers and provides an easy way to identify them.
Akamai's stateoftheinternet.com shares content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats. Visitors to stateoftheinternet.com can find current and archived versions of Akamai's State of the Internet (Connectivity and Security) reports, the company's data visualizations and other resources designed to help put context around the ever changing Internet landscape.