Akamai Diversity

The Akamai Blog

SOTI Security Series: Magnified View of DDoS Attack Types and Industry Verticals

In Akamai's most recent SOTI (State of the Internet) Security Report (Download the Q1 2015 report here), two areas of research focused on the most frequent attack types by target industry, and DDoS attack distribution between Q1 2014 and the same period a year later.

Since the report's release, we've delved deeper into the data and came up with two charts showing a more granular view based on Fig. 1-4 and 1-7 within that report.

The first graph highlights each attack vector within the DDoS realm and lists the percentage breakdown of most popularly-used attacks against a certain industry. Among the highlights:

  • The most popular attack vector for all of Q1 2015 was SSDP reflection attacks at 20.78 percent. All nine industries listed have been targeted by this attack type.

  • With the SSDP attacks identified, both the Financial Services and Hotel and Travel industries accounted for over 26 percent as the primary attack type targeting them.

  • This view also helps understand the commonalities of attack types used over our entire customer base regardless of industry. The monetization of DDoS-for-hire services has become a platform for DDoS as a primary weapon at low cost.

  • Along side SSDP, SYN, UDP, and UDP fragments floods contain the highest percentage base across most of the industry verticals displayed.

  • The only industry that didn't receive UDP fragmentation within a DDoS attack in Q1 2015 was the Hotel and Travel industry. This indicates that they have not been targeted with DDoS campaigns where the custom oversized packets or amplification factors exceed the maximum MTU size (1500) causing fragmentation.

Next, looking at nine major industries targeted by DDoS attacks and reviewing the associated attack type distribution by percentage for each industry, highlights listed:

  • As Online Gaming was the most frequently attacked industry at over 35 percent in Q1 2015. Over 50 percent of those attacks are made of SSDP, UDP, UDP fragment and SYN floods.

  • Software and Technology came in second at 25 percent, and over 65 percent of those attacks were also comprised of the same ones as the Online Gaming Industry.

DDoS Attack Type Distribution

The next graph expands on the previously released Figure 1-4 within the DDoS section of the Q1 2015 SOTI security report. It is designed to:

  • Include all quarters within Q1 2014 - Q1 2015

  • Produce a data spec for all quarters building on the Threat Landscape specific to attacks Akamai mitigated for its customers

Here we see the gradual decline of the most historically popular DDoS attack (SYN Floods) and in return the reserve in overall reflection based campaigns.


  • SYN Floods at almost 26 percent in Q2 2014 have gradually decreased over 10 percent as represented in the current quarter.

  • The concept of "Reflection over Infection" has indeed been adapted into the more preferred method for launching DDoS attacks.

  • This is most evident in SSDP and CHARGEN reflection which combined represent 27 percent off all identified DDoS attacks mitigated against within the PLXrouted and proxy platforms.

  • Overall this graph represents 25 classified DDoS attack types.

We hope these extended views are of value to our SOTI security audience. Please email us at  stateoftheinternet@akamai.com and let us know if there are additional visualizations you might find of interest, and keep an eye on stateoftheinternet.com for periodic updates of data visualizations from the SOTI security team.