DDoS attacks double but could go bigger still with IPv6
Akamai Technologies' latest State of the Internet security report finds that DDoS attacks are becoming bigger and badder, with the number of attacks having doubled in the last year.
The Q1 report indicated that there had been a 116.5 percent rise in attacks on a year-on-year basis, with the number also up 35.24 percent compared to the firm's report in Q4 of 2014.
The study also indicated that the average attack lasted longer, up to 24.82 hours from 17.38 hours (an increase of 40 percent) on a yearly basis, although this was 15.37 percent down from the 29.33-hour average recorded in Q4.
In addition, Akamai found that there was a significant rise in application layer (layer seven) attacks, which were up 22.22 percent and 59.83 percent respectively, as well as infrastructure layer (layer three and four) attacks, which rose 36.74 percent and 124.69 percent respectively.
The cloud security company added that gaming was hit by the most attacks, accounting for 35 percent of attacks, followed by the software and technology sector at 25 percent.
It also saw an increase in DDoS-for-hire activity, along with eight 'major' attacks reaching more than 100Gbps (with a peak of 170Gbps), with attackers leveraging all techniques including SYN floods, DNS and ICMP. SSDP, a protocol enabled by default in millions of home and office devices including routers, smart TVs, webcams, printers and media servers, accounted for 20 percent of activity, a startling rise considering it did not feature in the same report one year ago.
Akamai Technologies expects to see more of these attacks as plans advance to migrate to IPv6, the most recent version of the Internet Protocol, which is expected to connect the millions of Internet of Things devices.
“There is an interesting point to note which is the increase in the number of attacks with a corresponding drop in mean peak bandwidth,” said Dave Larson, CTO at Corero Network Security, in an email to SC.
“This correlates quite closely with the transition Corero has been noticing, where DDoS is being used more frequently as a masking agent or security perimeter degradation tool. The big attacks are still occurring – but the increase in lower level attacks of the type we have been highlighting would create this trend in the Akamai data.”
He added that smaller attacks may not be covered in the report. “Even with the 35 percent increase in unique DDoS attacks from Q4-2014 to Q1-2015, this still yields a total number of around 440 attacks during the quarter in the entire Akamai/Prolexic customer base. Corero sees nearly this many attacks in just a single average customer (351), with several of our customers experiencing many more discrete DDoS attacks than the entire Akamai/Prolexic customer base.
“This is not intended as a slight against Akamai – but it is an indication that they can only count what they can see… Security-conscious organisations must begin taking the security threat of low-level DDoS seriously – DDoS is no longer principally about denying service, it is more about degrading security perimeters.”