Akamai Technologies announced its Q3 2015 report, which provides analysis and insight into the global cloud security threat landscape.
“Akamai has been seeing greater numbers of denial of service attacks every quarter, and the upward trend continued in the most recent quarter. Although recent DDoS attacks were on average smaller and shorter, they still posed a significant cloud security risk,” said John Summers, VP, Cloud Security Business Unit, Akamai. “Attacks are being fueled by the easy availability of DDoS-for-hire sites that identify and abuse exposed Internet services, such as SSDP, NTP, DNS, CHARGEN, and even Quote of the Day.”
DDoS attack activity across the Akamai routed network jumped 23% this quarter from already record levels to 1,510 attacks, an increase of 180% over Q3 2014. Although there were substantially more attacks, on average the attacks were shorter with lower average peak bandwidth and volume.
Mega attacks (greater than 100 Gbps) were fewer: eight were recorded in Q3 compared to 12 in Q2 and 17 in Q3 a year ago. The largest bandwidth DDoS attack in Q3 – leveraging the XOR DDoS botnet – measured 149 Gbps. This was down from the peak 250 Gbps DDoS attack last quarter. Of the eight mega attacks, the media and entertainment sector was targeted most frequently, with three attacks.
While attack bandwidth was down, Q3 hit a record by a different measure of attack size. A firm in the media and entertainment industry was hit by a record-breaking 222 million packets per second (Mpps) DDoS attack, a small increase over a record-breaking attack of 214 Mpps in Q2. This large attack can be compared to an average peak volume of 1.57 Mpps for all DDoS attacks observed by Akamai in Q3. An attack of this size could bring down a tier 1 router, such as those used by ISPs.
The online gaming sector was hit particularly hard by DDoS attacks in Q3 2015, accounting for 50% of the recorded DDoS attacks. Gaming was followed by software and technology, which suffered 25% of all attacks. Online gaming has been the most targeted industry for more than a year.
Reflection-based DDoS attacks are proving more popular than infection-based DDoS. Instead of spending time and effort to build and maintain DDoS botnets as they did in the past, more DDoS attackers have been exploiting the existing landscape of exposed network devices and unsecured service protocols. Whereas reflection DDoS attacks accounted for only 5.9% of all DDoS traffic in Q3 2014, these attack vectors accounted for 33.19% of DDoS traffic in Q3 2015.
Compared with Q3 2014:
- 179.66% increase in total DDoS attacks
- 25.74% increase in application layer (Layer 7) DDoS attacks
- 198.1% increase in infrastructure layer (Layer 3 & 4) DDoS attacks
- 15.65% decrease in average attack duration: 18.86 vs. 22.36 hours
- 65.58% decrease in average peak attack bandwidth
- 88.72% decrease in average peak attack volume
- 462.44% increase in reflection attacks
- 52.94% decrease in attacks > 100 Gbps: 8 vs. 17.
Compared with Q2 2015:
- 22.79% increase in total DDoS attacks
- 42.27% decrease in application layer (Layer 7) DDoS attacks
- 30.21% increase in infrastructure layer (Layer 3 & 4) DDoS attacks
- 8.87% decrease in average attack duration: 18.86 vs. 20.64 hours
- 25.13% decrease in average peak attack bandwidth
- 42.67% decrease in average peak attack volume
- 40.14% increase in reflection attacks
- 33.33% decrease in attacks > 100 Gbps: 8 vs. 12.