DDoS Sees Triple-Digit Growth in One Year
Distributed denial of service (DDoS) attacks are on the rise, even as the median attack size falls.
Total DDoS attacks increased 129 percent in Q2 2016 from Q2 2015, and during the second quarter, Akamai mitigated a total of 4,919 DDoS attacks.
According to Akamai Technologies’ Second Quarter 2016 State of the Internet Security Report, large-volume attacks are continuing as well. Akamai observed its largest DDoS attack to date, at 363 Gbps, on June 20 against a European media customer. Twelve attacks observed during Q2 exceeded 100 Gbps, and two that reached 300 Gbps targeted the media and entertainment industry.
At the same time, the median attack size fell by 36% to 3.85 Gbps.
“While attack sizes are decreasing, we continue to see an uptick in the number of attacks as launch tools grow increasingly pervasive and easy to use and monetize,” said Martin McKeay, editor-in-chief for the report. “This commoditization renders businesses vulnerable to a higher frequency of attacks they can’t defend against on their own. As we look toward Cybersecurity Awareness Month in October, it is important for organizations to understand what they are up against, specifically as adversaries increasingly threaten DDoS attacks for ransom.”
The report also shows that Q2 2016 had a 14% increase in total web application attacks from Q1 2016. SQL Injection (44%) and Local File Inclusion (45%) were the two most common attack vectors in Q2.
Regionally, Brazil, the top country of origin for all web application attacks, experienced a 197% increase in attacks sourced from the region. The United States, meanwhile, ranked second among countries for total web application attacks, seeing a 13% decrease in attacks compared to Q1 2016.
The analysis also shows that bots are still a scourge: during one 24-hour period in Q2, bots accounted for 43% of all web traffic across the Akamai Intelligent Platform. Detected automation tools and scraping campaigns represented 63% of all bot traffic, a 10% increase from Q1 2016. These bots scrape specific websites or industry segments and do not identify their intentions and origin.
Source | infosecurity-magazine