Get In Touch
Recently in Web Security Category
It's hard to miss all the media attention surrounding data breaches in healthcare. If you're involved in information security at a healthcare organization, it's no surprise to you that more than 143 million individuals have been affected by data breaches since HHS started tracking incidents in September 2009.
The Q3 2015 State of the Internet Security Report is now available for download at www.stateoftheinternet.com/security-report. Among the highlights: a continued upward trend in DDoS attacks, and attacks fueled by the easy availability of DDoS-for-hire sites that identify and abuse exposed Internet services, such as SSDP, NTP, DNS, CHARGEN, and even Quote of the Day.
Today is Cyber Monday, which is historically the day when many retailers encourage online holiday shopping. Online retailers may see large spikes in traffic to their sites. It is possible that some may interpret these spikes as a DDoS, but in reality it may be what we refer to as a "flash mob".
A flash mob is a large amount of legitimate traffic being sent to a specific site. One way we can often differentiate between a flash mob and a DDoS is by the number of requests per client. A DDoS can have a high or low number of clients with a very high number of requests each client. A flash mob will have a very high number of clients but a relatively low number of requests per client. This is because in the flash mob, the client requests are being sent from a human and not an automated script.
The remediation of a flash mob is cache offloading, so as much content as possible can be served from the edge and leave the origin servers for tasks that only they can do.
If you are an Akamai customer who feels they are being attacked with DDoS traffic, please follow the usual incident protocols and contact your Customer Care representative, but Akamai's SIRT is also available to assist and to investigate deeper into the traffic.