Akamai Diversity

The Akamai Blog

State of the Internet Report: DDoS Trends, SEA Attacks Highlighted

The latest Akamai State of the Internet report analyzes recent DDoS trends and includes a section on something I've written about a lot in recent months -- attacks from the so-called Syrian Electronic Army

DDoS attacks spiked in the second quarter of 2013, with Akamai customers reporting 318 attacks -- a 54 percent increase over the 208 reported in the first quarter. At 134 reported attacks, the Enterprise sector continued to be the leading target of DDoS attacks, followed by Commerce (91), Media and Entertainment (53), High Tech (23) and Public Sector (17).

Also during the second quarter, the Syrian Electronic Army (SEA) claimed responsibility for several attacks against news and media companies. The attacks all exploited tried-and-true spear-phishing tactics where internal email accounts were compromised and used to collect credentials and gain access to Twitter feeds, RSS feeds and other sensitive information. The attacks were designed to spread propaganda about the regime of Syrian President Bashar al-Assad, and they have indeed attracted plenty of media attention in recent months. 

The quarter covered in the latest report ended June 30, but the SEA's antics have continued. In late August, for example, users couldn't access many high-profile websites one day after SEA launched a targeted phishing attack against a reseller for Melbourne IT, an Australian domain registrar and IT services company. At the time, the IDG News Service reported that the attack allowed hackers to change the DNS records for several domain names including nytimes.com, sharethis.com, huffingtonpost.co.uk, twitter.co.uk and twimg.com -- a domain owned by Twitter.

"This resulted in traffic to those websites being temporarily redirected to a server under the attackers' control," the news service reported. "Hackers also made changes to the registration information for some of the targeted domains, including Twitter.com. However, Twitter.com itself was not impacted by the DNS hijacking attack."

There was some concern that the SEA would use the anniversary of 9-11 and news of potential military action in Syria as an excuse to unleash a fresh wave of DDoS attacks in September, but that spike never materialized

Additional reading: