The Q1 2016 State of the Internet: Security Report from Akamai, the leading content delivery network (CDN) services provider, has been published. The report “provides a detailed view of the global cloud security threat landscape and in-depth analysis and insight into malicious activity observed across the Akamai Intelligent Platform™.”
From DDoS attacks to the first analysis of bot activity, here is the most important information you need to know.
According to the Q1 2016 State of the Internet: Security Report, the frequency and number of web application and Distributed Denial of Service (DDoS) attacks on online assets have continued to rise significantly.
The report indicates that about 60% of the DDoS attacks mitigated used at least two attack vectors at once, which makes defense more difficult. According to the report, what people should be more concerned about is that even the least skilled attackers are now using multi-vector attack functionality.
In previous quarters, only the more skilled attackers launched such attacks. The increase in multi-vector DDoS attacks indicates that attack tools continue to grow more sophisticated. This is a problem for security practitioners, since each attack vector requires its own control to mitigate.
DDoS attacks at a glance
During the first quarter (Q1) of 2016, the number of DDoS attacks mitigated was 4,523 compared to 3,693 attack events in Q4 2015. This represented a 125% increase. As in other quarters, these attacks are based on reflection and are launched with booter-based tools. These tools attack by bouncing traffic off servers that run vulnerable services such as DNS, CHARGEN, and NTP.
The report states that about 55% of the attacks targeted gaming companies, while another 25% targeted the technology and software industry. Before this quarter, the highest number of attacks exceeding 100 Gigabits per second (Gbps) in a single quarter was 17, recorded in Q3 2014. Q1 2016 set a new record of 19.
During Q4 2015, the targeted customers were each attacked repeatedly, 39 times on average. This is an increase from 24 in the quarter.
Many copycat entities are now imitating groups such as Armada Collective and DD4BC. They copy the tactic of sending victims ransom messages that threaten a large-scale DDoS attack unless the victim pays a specific amount in bitcoin.
Attacks on web application activity
There was a 26% increase in web application attacks compared to Q4 2015. The retail sector was the most popular target, drawing 43% of the attacks. Compared to the last quarter, web application attacks over HTTP decreased by 2%, while web application attacks over HTTPS increased by 236%.
The report also records that a particular customer was targeted by more than 4% of the total attacks on web applications. This occurred in seven out of the nine vectors.
As is the trend, the US remained the most frequent target at 60%. At the same time, it remained the main web application attack source and accounted for 43% of the attack origin traffic.
A look at bot activity
Q1 2016 is the first report to include an analysis of bot activity.
Bot activity was monitored over 24 hours, and during this time over two trillion bot requests were tracked and analyzed. The good bots, i.e., the identified and known bots, represented 40% of the bot traffic. However, 50% of the bot traffic was identified as malicious.
The report also stated that one customer was the target of 12% of the total number of attacks, while 60% of the Shellshock attacks were aimed at two particular clients.
DDoS reflectors growth
In Q1 2016, there was a 77% increase in active Quote of the Day (QOTD) reflectors compared to the last quarter.
The use of NTP reflectors accounted for 59% of the total reflection DDoS attacks. This is a 72% increase compared to the last quarter. Similarly, there was a 67% increase in CHARGEN reflectors. However, the use of SSDP reflectors declined by 46%.
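A defender-side sketch of the reflection and multi-vector points above, added here and not taken from the Akamai report or from Abusix: it groups inbound UDP flows by the source ports of the reflector services the report names (QOTD, CHARGEN, DNS, NTP, SSDP) and marks a target hit by two or more of them in the same minute as multi-vector. The flow tuple layout, the sample records (documentation-range addresses) and both thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Well-known UDP ports of the reflector services named in the report.
REFLECTOR_PORTS = {17: "QOTD", 19: "CHARGEN", 53: "DNS", 123: "NTP", 1900: "SSDP"}

def _burst(minute, dst, sport, size, n_sources):
    # Constructed helper: n_sources reflectors each send `size` bytes to dst.
    return [(minute, f"198.51.100.{i}", sport, dst, 40000 + i, "udp", size)
            for i in range(1, n_sources + 1)]

# Constructed sample flows: (minute, src_ip, src_port, dst_ip, dst_port, proto, bytes).
SAMPLE_FLOWS = (
    _burst(0, "203.0.113.10", 123, 40_000, 4)      # NTP replies from 4 sources
    + _burst(0, "203.0.113.10", 19, 30_000, 3)     # CHARGEN replies from 3 sources
    + _burst(1, "203.0.113.10", 123, 40_000, 4)    # NTP only in the next minute
    + [
        (0, "192.0.2.53", 53, "203.0.113.10", 51515, "udp", 300),      # ordinary DNS answer
        (0, "192.0.2.123", 123, "203.0.113.20", 123, "udp", 90),       # ordinary NTP reply
        (0, "192.0.2.80", 53, "203.0.113.10", 44321, "tcp", 900_000),  # TCP, not reflection
    ]
)

def reflection_vectors(flows, min_sources=3, min_bytes=50_000):
    """Return {(minute, dst_ip): {vector: bytes}} for suspected reflection traffic.

    A vector is reported only when enough distinct reflectors and enough
    volume hit one target in one minute (both thresholds are assumptions).
    """
    volume, sources = defaultdict(int), defaultdict(set)
    for minute, src, sport, dst, _dport, proto, size in flows:
        vector = REFLECTOR_PORTS.get(sport)
        if proto != "udp" or vector is None:
            continue
        volume[(minute, dst, vector)] += size
        sources[(minute, dst, vector)].add(src)
    events = defaultdict(dict)
    for (minute, dst, vector), size in volume.items():
        if len(sources[(minute, dst, vector)]) >= min_sources and size >= min_bytes:
            events[(minute, dst)][vector] = size
    return dict(events)

def multi_vector(events):
    """Targets and minutes where two or more reflection vectors overlap."""
    return sorted(key for key, vectors in events.items() if len(vectors) >= 2)

if __name__ == "__main__":
    found = reflection_vectors(SAMPLE_FLOWS)
    for key in sorted(found):
        print(key, "multi-vector" if key in multi_vector(found) else "single-vector", found[key])
```

Because each flagged vector is reported separately per target, the output maps directly onto the per-vector controls the report says defenders need.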
It is important to have software in place to protect yourself and your customers from being attacked or becoming part of an attack. Abusix’s AbuseHQ works in real-time to illuminate blind spots in your network and forewarn your security and systems operators of future threats.