According to new Akamai report, DDoS Attacks Continue to Rise
Akamai State of the internet / security report for Q2 shows that DDoS attacks continue. There is a 129% YoY increase in total DDoS attacks and a record 276% increase in NTP reflection attacks. Web application attacks increased by 14 % percent; SQL Injection and Local File Inclusion (LFI) continue growth as most common attack vectors. The report gives special focus to the cloud security landscape, specifically trends with DDoS and web application attacks, as well as malicious traffic from bots.
“While attack sizes are decreasing, we continue to see an uptick in the number of attacks as launch tools grow increasingly pervasive and easy to use and monetize,” said Martin McKeay, Editor-in-Chief, State of the Internet / Security Report. He continued to push the point that DDoS attack continue to rise. “This commoditization renders businesses vulnerable to a higher frequency of attacks they can’t defend against on their own. As we look toward Cybersecurity Awareness Month in October, it is important for organizations to understand what they are up against, specifically as adversaries increasingly threaten DDoS attacks for ransom.”
- Total DDoS attacks increased from Q2/2015-Q2/2016 by 129%
- Akamai observed the largest DDoS attack to date at 363 Gbps on June 20th against a European media customer.
- At the same time, the median attack size fell by 36% to 3.85 Gbps.
- Twelve attacks observed during Q2 exceeded 100 Gbps and two that reached 300 Gbps targeted the media and entertainment industry.
Web Application Attacks
- 14% increase in total web application attacks from Q1 2016.
- Brazil experienced a 197% increase in attacks sourced from the region – the top country of origin for all web application attacks.
- S ranked second among countries for total web application attacks, saw a 13% decrease in attacks compared to Q1 2016.
- SQL Injection 44% and Local File Inclusion 45% were the two most common attack vectors in Q2.
Bot Traffic Analysis
- During one 24-hour period in Q2, bots accounted for 43% of web traffic on Akamai.
- Detected automation tools and scraping campaigns represented 63% of all bot traffic, a 10% increase from Q1 2016. These bots scrape specific websites or industry segments and do not identify their intentions and origin.
Most targeted Industries where DDoS attacks continue
- Retail at 40% including online web purchasing applications
- Hotels and Travel at 21% and
- Financial Services at 11%