Akamai Diversity

The Akamai Blog

State of the Internet / Security Q4 2016

The fourth quarter of 2016 was relatively quiet for web application attacks. The biggest sales season of the year usually signals a marked increase in the number of attacks for all customers - especially retailers. Many merchants breathed a sigh of relief at not being attacked during their most important shopping days.

That's not to say everyone got off without some stress. The days surrounding Thanksgiving, traditionally mark the start of the holiday shopping season in the U.S.. In our Spotlight on Thanksgiving Attacks, we describe an overall daily attack trend and how four retail sub-verticals were each hit by different types of attacks.

The Mirai botnet continued as one of the largest threats in the fourth quarter, but it is not the only Internet of Things (IoT)-based botnet. At least two other major IoT-based botnets are in use. They may be variants of Mirai or new, unrelated botnets. In any case, IoT continues to provide resources to fuel future DDoS attacks. In an analysis of scanning on ports 23 and 2323, we explain our conclusion that, although some timelines place the development of Mirai in early July 2016, our data indicates earlier reports - as early as May 13th.

Highlights include: 

  • Five botnets and the rise of 300+Gbps DDoS attacks 
  • Mirai malware's birthdate revealed by scanning data
  • DDoS attacks per target
  • New types of reflection DDoS attacks
  • Retailers that were targeted by web attacks over Thanksgiving 
  • Top source countries by region for web attacks

Our research team also published three new papers, taking a deep dive into mDNS reflection attacks, the Mirai botnet, and the Dark Web.

Want to see what happened in Q4 2016? Download the latest State of the Internet / Security today.