Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

2015 already a record year for DDoS: Akamai

Chris Player | May 21, 2015
IoT devices constitute 20 per cent of attack vectors.

The first quarter of 2015 saw a record number of direct denial of service (DDoS) attacks, according to network service provider, Akamai.

The firm released its Q1 2015 State of the Internet - Security Report that detailed a record for the number of DDoS attacks observed across its PLXrouted network.

The figures showed a 35 per cent increase on the previous quarter and a 116.5 per cent increase on the same period in 2014.

Akamai said the attack profile for these incidents had also changed. Last year, high bandwidth and short duration attacks were most common, but in 2015 they were smaller in size and longer in duration.

Attack vectors also shifted in the past year. So far in 2015, Simple Service Discovery Protocol (SSDP) attacks accounted for more than 20 per cent of the attack vectors. This form of attack was not observed at all in the first half of 2014.

SSDP comes enabled by default on Internet of Things (IoT) devices to allow them to discover each other on a network, establish communication and coordinate activities.

If left unsecured or misconfigured, these IoT devices can be harnessed for use as reflectors.

A reflector is a potentially legitimate third party component used to send attack traffic to a victim, ultimately hiding the attackers' own identity.

The attackers send packets to the reflector with a source IP address set to their victim's IP therefore indirectly overwhelming the victim with the response packets.

Akamai director enterprise security Asia Pacific and Japan, John Ellis, said one of the reasons for the increase in these types of attacks was the lack of security for IoT devices.

"Over the last 18 months there has been a lot of insecure infrastructure around [network time protocol] NTP and [domain name system] DNS."

"These IoT devices are then used to amplify and reflect an attack to a particular target."

Gaming sector still the biggest target

The gaming sector was again hit with more DDoS attacks than any other industry. Gaming has remained the most targeted industry since Q2 2014, consistently being targeted in 35 per cent of attacks.

The software and technology sector was the second most targeted industry in Q1 2015, with 25 per cent of all attacks observed by Akamai.

The company concentrated its analysis on seven common web application attack vectors, which accounted for 178.85 million web application attacks observed.

These vectors included SQL injection (SQLi), local file inclusion (LFI), remote file inclusion (RFI), PHP injection (PHPi), command injection (CMDi), OGNL Java injection (JAVAi) and malicious file upload (MFU).

SQLi attacks were also common, making up more than 29 per cent of web application attacks. Akamai said a substantial portion of the SQLi attacks were related to attack campaigns against two companies in the travel and hospitality industry. The other five attack vectors collectively made up the remaining five percent of attacks. "It comes down to good, secure coding," said Ellis.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.