The trend for slow and low DDoS attacks continues

Dec 8, 2015 16:10 GMT  ·  By

During the third quarter of 2015, Akamai, a CDN (content delivery network) provider with a worldwide presence, observed over 1,510 DDoS attacks, 180% more than last year, and 23% higher when compared to Q2 2014.

The good news is that the attacks were much less severe than in previous quarters, coming in smaller and quicker waves, with reduced peak bandwidths, and rarely going over the 100 Gbps threshold. In fact, only eight attacks went over 100 Gbps, compared to 12 in Q2 2015, and 17 in Q3 2014.

"Although recent DDoS attacks were on average smaller and shorter, they still posed a significant cloud security risk," said John Summers, vice president, Cloud Security Business Unit, Akamai. "Attacks are being fueled by the easy availability of DDoS-for-hire sites that identify and abuse exposed Internet services, such as SSDP, NTP, DNS, CHARGEN, and even Quote of the Day."

XOR Linux botnet, the biggest source of DDoS attacks

While most attacks relied on a classic botnet infrastructure, with the XOR Linux-based botnet being the biggest in Q3, reflected DDoS attacks became a common occurrence as well and are no longer considered an eccentricity.

According to Akamai experts, this shift is mainly due to the fact that reflected DDoS attacks can be launched with fewer resources and in less time, with the attackers not needing to spend months or years to build a botnet via malware infections.

As the report highlights, most of the DDoS attacks continued to originate from China and to be aimed at businesses in the US. The vast majority of attacks targeted companies in the online gaming industry, while the biggest attack was recorded against a media & entertainment site (149 Gbps, XOR botnet).

As for other types of cyber-attacks, Web application attacks, local file inclusion (LFI) and SQL injection (SQLi) attacks were the most common. 55% of all Web application attacks were aimed at the retail sector, which makes sense since retail data can be easily monetized by the attackers themselves, or on the underground black market.

Get the full Akamai State of the Internet Security Report from here.

Akamai State of the Internet Security Report for Q3 2015