Akamai Technologies has published its Prolexic Q1 2014 Global DDoS Attack Report, which indicates that the Media and Entertainment industry was the target of the majority of malicious attacks.
Prolexic Technologies, now part of Akamai, is a specialist in Distributed Denial of Service (DDoS) protection services, and has produced the quarterly Global DDoS Attack Report since 2011. The report provides analysis and insight into the global DDoS threat landscape.
“In Q1, DDoS attackers relied less upon traditional botnet infection in favour of reflection and amplification techniques
, a trend Prolexic has been seeing for some time,” said Stuart Scholly, senior vice president and general manager of Security at Akamai Technologies. “Instead of using a network of zombie computers, the newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.”
Prolexic has observed the most abused protocols to be Character Generator (CHARGEN), Network Time Protocol (NTP) and Domain Name System (DNS)
. These protocols, which are all based on the User Datagram Protocol (UDP
), may be favoured as they allow attackers to hide their identity. In addition, amplification-based attacks can deliver a massive flood of data at the target while requiring only a relatively small output from the source.
According to the report, new reflection and amplification attack tools can deliver a powerful punch. Q1 saw a 39 per cent increase in average bandwidth and the largest-ever DDoS attack to cross the Prolexic DDoS mitigation network. This attack involved multiple reflection techniques combined with a traditional botnet-based application attack to generate peak traffic of more than 200 Gbps (gigabits per second) and 53.5 Mpps (million packets per second).
This quarter saw more than half of the DDoS attack traffic aimed at the Media and Entertainment industry. This one industry was targeted by 54 per cent of the malicious packets mitigated by Prolexic during active DDoS attacks in Q1.
Highlights from Prolexic’s Q4 2014 Global DDoS Attack Report:
Compared to Q1 2013
• 47 per cent increase in total DDoS attacks
• 9 per cent decrease in average attack bandwidth
• 68 per cent increase in infrastructure (Layer 3 & 4) attacks
• 21 per cent decrease in application (Layer 7) attacks
• 50 per cent decrease in average attack duration: 35 vs. 17 hours
• 133 per cent increase in average peak bandwidth
Compared to Q4 2013
• 18 per cent increase in total DDoS attacks
• 39 per cent increase in average attack bandwidth
• 35 per cent increase in infrastructure (Layer 3 & 4) attacks
• 36 per cent decrease in application (Layer 7) attacks
• 24 per cent decrease in average attack duration: 23 vs. 17 hours
• 114 per cent increase in average peak bandwidth