Q1 2015 set a record for the number of DDoS attacks observed across the PLXrouted network: more than double the number recorded in Q1 2014 and more than 35% higher than the previous quarter, according to Akamai Technologies’ State of the Internet – Security Report.
The report found a 59.83% increase in application layer (Layer 7) DDoS attacks and a 124.69% increase in infrastructure layer (Layer 3 & 4) DDoS attacks.
“In the Q1 2015 report, we’ve analyzed thousands of distributed denial of service (DDoS) attacks observed across the PLXrouted network as well as nearly millions of web application attack triggers across the Akamai Edge network. By bringing in the web application attack data, along with in-depth reports from all of our security research teams, we’re able to provide a more holistic view of the Internet and the attacks that occur on a daily basis,” said John Summers, vice president, Cloud Security Business Unit, Akamai.
According to the report, the attack profile has changed. Last year, high-bandwidth, short-duration attacks were the norm. In Q1 2015, by contrast, the typical DDoS attack was less than 10 gigabits per second (Gbps) and lasted more than 24 hours. There were eight mega-attacks in Q1, each exceeding 100 Gbps. While that was one fewer mega-attack than in Q4 2014, such large attacks were rarely seen a year ago. The largest DDoS attack observed in Q1 2015 peaked at 170 Gbps.
During the past year, DDoS attack vectors have also shifted. This quarter, Simple Service Discovery Protocol (SSDP) attacks accounted for more than 20% of the attack vectors, whereas they were not observed at all in Q1 or Q2 2014. SSDP comes enabled by default on millions of home and office devices (including routers, media servers, web cams, smart TVs and printers) to allow them to discover each other on a network, establish communication and coordinate activities. If left unsecured or misconfigured, these home-based, Internet-connected devices can be harnessed for use as reflectors.
During Q1 2015, the gaming sector was once again hit with more DDoS attacks than any other industry. Gaming has remained the most targeted industry since Q2 2014, consistently being targeted in 35% of DDoS attacks. The software and technology sector was the second most targeted industry in Q1 2015, with 25% of the attacks.
According to the report, IPv6 adoption brings new security risks. “IPv6 DDoS is not yet a common occurrence, but there are indications that malicious actors have started testing and researching IPv6 DDoS attack methods. A new set of risks and challenges associated with the transition to IPv6 are already affecting cloud providers as well as home and corporate network owners,” says the report.
Many IPv4 DDoS attacks can be replicated using IPv6 protocols, while some new attack vectors are directly related to the IPv6 architecture. Many of the features of IPv6 could enable attackers to bypass IPv4-based protections, creating a larger and possibly more effective DDoS attack surface.