Akamai Diversity

The Akamai Blog

Coming 1/29: Q4 2014 State of the Internet Security Edition

We continue to preview sections of the Q4 State of the Internet - Security Report due out next week. Last week we told you about a DDoS attack from a group claiming to be Lizard Squad and the unintended consequences of many bots, spiders and scrapers. Tuesday, we shared a history of malware evolution.

Today, we preview the Attack Metrics/Trends section of the report, and what we see for the future.

If we were to boil the gist of the report down to three sentences, it would be something like this:

  • The frequency and severity of DDoS attacks will continue rising as more DDoS-for-hire campaigns take shape.
  • The online gaming industry will continue to be a favorite target among attackers.
  • Unless there's more collaboration between the software and hardware development industry, application and platform service providers, and the security industry, things will keep getting worse.

Now for some report snippets (numbers and other statistics will appear in the full report next week):

Akamai observed a significant increase in the number of DDoS attacks in Q4 2014 compared to last quarter and especially compared to Q4 2013. One of the biggest drivers was a new attack vector using a so-called Christmas tree packet.

The SSDP flood continues to be a favorite attack vector among the bad guys. The size of this kind of attack illustrates an expansion of the DDoS threat landscape by millions of Internet of Things devices (IoT).

Attackers continued to favor a force over technique approach, which was aided by the mass exploitation of web vulnerabilities, the addition of millions of exploitable Internet-enabled devices, successful botnet building and the monetization of these resources in the DDoS-for-hire underground.

The look ahead:

The DDoS-for-hire underground market is gaining momentum. The expansion of the Internet infrastructure, the addition of millions of potentially exploitable Internet-enabled devices and the steady discovery and disclosure of significant vulnerabilities in web applications has driven mass exploitation and botnet building. The DDoS threatscape is expanding and will continue to do so as long as these factors are present.

Even though no records were broken in either volumetric and application-based benchmarks in Q4, there are indicators that records will be broken in the future, such as an SSDP attack peaking at 106 Gbps and the new XMAS-DDoS attack based on a Christmas tree packet generating more than 100 Gbps.

DDoS trends include more attacks, the common use of multi-vector campaigns, the availability of booter services and the low cost of a DDoS campaign that can take down a typical business or organization. The expansion of the DDoS-for-hire market may result in the commoditization of DDoS attacks, where availability drives down prices, which grows the market.

With a flourishing DDoS-for-hire market comes attack innovation and larger, more complex attacks. The refinement and increased sophistication of attack vectors is likely to increase, if nothing is done to break the trend of factors driving the growth of the DDoS-for-hire market.

Collaboration is imperative for the software and hardware development industry, application and platform service providers, and the security industry in order to break the cycle of mass exploitation, botnet building and monetization.

For more on this topic, pre-register for first-day delivery of the Q4 2014 State of the Internet - Security Report.