Record high in cyber attacks
Akamai has published its security report for the first quarter of 2016. The key findings: DDoS attacks and web application attacks have continued to rise, as have repeat attacks.
Akamai Technologies has unveiled its "Q1 2016 State of the Internet Security Report." The quarterly report provides analysis of and insights into cybercriminal activity observed across the Akamai Intelligent Platform. It includes an in-depth analysis as well as a detailed view of the global cloud security threat landscape.
DDoS attacks at a glance
In the first quarter, more than 4500 DDoS attacks were blocked by Akamai. This represents an increase of 125% compared to the same quarter last year. As in previous quarters, the majority of DDoS attacks were reflection attacks launched with stresser and booter-based tools. These tools bounce traffic off servers running vulnerable services such as DNS, CHARGEN, and NTP. In fact, 70% of DDoS attacks in the first quarter used reflection-based DNS, CHARGEN, NTP or UDP fragment vectors, according to the company. More than half of the attacks (55%) were directed against companies in the gaming industry, and just under 25% against companies in the software and technology industry.
According to Akamai, the first quarter of 2016 also saw a record number of DDoS attacks exceeding 100 Gbit/s: 19 in total, the largest of which peaked at 289 Gbit/s. 14 of the attacks were based on DNS reflection methods. There were only five such large-scale attacks in the previous quarter. The previous record of 17 attacks was set in the third quarter of 2014.
In the fourth quarter of 2015, repeated DDoS attacks were the norm, with an average of 24 attacks per attacked company. The trend continued in the first quarter of 2016, this time with 39 attacks. One company was even attacked 283 times, an average of three per day.
DDoS key figures
Compared with the fourth quarter of 2015, there was:
- an increase of 22% in DDoS attacks overall
- an increase of 23% in attacks on infrastructure layers 3 and 4
- an increase of nearly 8% in average attack duration, from 15 to 16 hours
- an increase of 280% in attacks exceeding 100 Gbit/s, from 5 to 19
Attacks on web applications
Attacks on web applications increased by around 26% compared to the fourth quarter of 2015. As in previous quarters, the retail sector was the most popular target, with 43% of attacks. However, compared to the previous quarter, there was a decrease of 2% in attacks against web applications over HTTP and an increase of 236% in attacks against web applications over HTTPS. SQLi attacks also increased by 87% compared to the previous quarter.
As in previous quarters, the U.S. was both the most common source of attack traffic related to web applications (43%) and the most common target (60%).
Key figures of attacks on web applications
Compared with the fourth quarter of 2015, there was:
- an increase of 25% in attacks on web applications
- a decrease of 1.7% in attacks on web applications over HTTP
- an increase of 236% in HTTPS-based attacks on web applications
- an increase of 87% in SQLi attacks
Snapshot of bot activity
For the first time, Akamai has also included an analysis of bot activity in its Security Report. Over a 24-hour observation period, more than two trillion bot requests were tracked and analyzed. Known, benign bots accounted for 40% of the bot traffic, while 50% of the bots were identified as malicious and were involved in scraping campaigns and other related activities.
Increase in DDoS reflectors
Based on firewall data from the Akamai Intelligent Platform, the analysis found a 77% increase in active Quote of the Day (QOTD) reflectors, a 72% increase in NTP reflectors, and a 67% increase in CHARGEN reflectors compared to the fourth quarter of 2015. Active SSDP reflectors decreased by 46%, according to the company.