DDoS Attacks Double over Last Year

Wednesday, May 20, 2015 @ 11:05 AM gHale

The first quarter this year set a record for the number of Distributed Denial of Service (DDoS) attacks, which more than doubled the number in Q1 last year, and jumped more than 35 percent compared to last quarter, a new survey found.

The difference in the types of attacks did change, however, because last year there were more high bandwidth and short duration attacks. That compares to this year where DDoS attacks were less than 10 Gbps and endured for more than 24 hours, according to research from Akamai Technologies.

Attacker ‘Hiding in Plain Sight’
Oil Industry Under Attack
Financial Institution Attacks Uncovered
Warding Off EU’s Sophisticated Attacks

During the past year, DDoS attack vectors have also shifted, Akamai research found. This quarter, Simple Service Discovery Protocol (SSDP) attacks accounted for more than 20 percent of the attack vectors, while SSDP attacks did not end up recorded at all in Q1 or Q2 2014.

SSDP comes enabled by default on millions of home and office devices — including routers, media servers, web cams, smart TVs and printers — to allow them to discover each other on a network, establish communication and coordinate activities. Left unsecured and/or misconfigured, these home-based, Internet-connected devices can end up being reflectors.

For the purpose of this report, Akamai concentrated its analysis on seven common web application attack vectors, which ultimately accounted for 178.85 million web application attacks. These vectors included SQL injection (SQLi), local file inclusion (LFI), remote file inclusion (RFI), PHP injection (PHPi), command injection (CMDi), OGNL Java injection (JAVAi) and malicious file upload (MFU).

During Q1 2015, over 66 percent of the web application attacks ended up attributed to LFI attacks.

SQLi attacks made up more than 29 percent of web application attacks. A substantial portion of these related to attack campaigns against two companies in the travel and hospitality industry. The other five attack vectors collectively made up the remaining five percent of attacks.

The retail sector was the hardest hit by web application attacks, followed by the media and entertainment and hotel and travel sectors.

Most of the common attack vectors detailed in this report, including SQLi, have been around for quite a while.

Click here to register for the report.

Leave a Reply

You must be logged in to post a comment.