It is clear that, in the preceding months, the sophistication and scale of DDoS attacks on vulnerable enterprises have increased rapidly. In the last year, nearly double the number of DDoS attacks were recorded, half of which used sophisticated multi-vector attacks. Furthermore, the size of attacks is increasing just as rapidly, with a 200% increase in the number of 100 Gbps-plus attacks as compared to a year ago. Each DDoS attack lasted a full 28% longer before resolution. The report concluded that DDoS-for-hire services are thriving and attacks are now available to any disgruntled ex-employee with a few dollars to wave.
The most common form of attack was UDP-based; the most common protocols for reflection tactics were NTP, CHARGEN, and SSDP. Amazingly, in SSDP floods alone there was a 241% increase in attacks.
Dave Lewis, of Akamai, says that “this is what can happen with poorly configured, or worse, devices with no security controls that are rolled out as a component of the Internet of Things. As the IoT continues to increase we will see more opportunities for attackers to leverage devices to increase the size and scope of their botnets.”
John Summers, vice president of Akamai’s Cloud Security Business Unit – authors of the “State of the Internet / Security” report – opined that “an incredible number of DDoS attacks occurred in the fourth quarter, almost double what we observed in Q4 a year ago.” Akamai said it had mitigated nine attacks exceeding 100 Gbps, and overall he had seen a 52% increase in the average peak bandwidth of DDoS attacks when compared to Q4 in 2014.
In terms of country of origin, the US was responsible for 31.54% of DDoS traffic, with China in second place at 17.6%. Together, the US and China were responsible for nearly half of all the attack traffic in Q4. The sector most vulnerable to this style of attack appears to be the gaming industry, accounting for over 35% of all attacks. Software and technology companies were the second most targeted, victims of 26.6% of all DDoS attacks.
The real booster to the growth of DDoS attacks, though, is DDoS-for-hire services. This nascent and ethically dubious sector has “promoted multi-vector campaigns as the competitive market drives attack innovation.” In the fourth quarter of 2014, there were 88% more multi-vector attacks than in the corresponding quarter in 2013.
The report concluded that current DDoS trends would include “more attacks, the common use of multi-vector campaigns, the availability of booster services and the low cost of a DDoS campaign that can take down a typical business or organization. The expansion of the DDoS-for-hire market may result in the commoditization of DDoS attacks, where availability drives down prices, which grows the market. DDoS may become a common tool for even non-technical criminals.”
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats and will not block other threats. At GRT Corp., our security philosophy is built around these words by noted security expert Dr. Bruce Schneier: “Security is not a product, but a process.”