The one certainty in the world of cybersecurity is that change is imminent. Akamai’s State of the Internet report can help you stay ahead. It offers security facts about 2018, plus a prescient glimpse into 2019 and beyond.
Akamai’s chief security officer (CSO), Andy Ellis, shares his deep knowledge of security and industry trends.
The trends in DDoS are remarkably stable: DDoS attacks come in many shapes, but the maximum size appears to be constrained by a small quarterly growth curve. The most likely explanation for this is that the underlying growth of the internet limits the total capacity of botnets.
Attend to application-level attacks: While bandwidth is the axis of DDoS most people think about, leverage is just as critical in many ways. Leverage is simply a measure of how effective an individual attack is compared to the amount of traffic generated. The higher the leverage of an attack, the more ‘damage’ can be done with the same amount of traffic.
Get ahead of credential stuffing: Attackers want to gain access to systems in ways that aren’t just about outages. Take the latest high-profile attacks in the world of account takeovers, which often begin with credential stuffing. This type of attack relies on the greatest weakness of the web: passwords. Users, faced with the challenge of managing accounts on dozens of websites, often reuse a few passwords across multiple accounts.
The market has moved to something akin to a ‘gig; economy: Many adversaries specialize in one component of the hostile ecosystem, ‘buy’ access to lower-level data (like data breaches), and then (after conducting a round of credential stuffing) sell a list of accounts ready to be taken over.
While blockchain has yet to make serious inroads outside cryptocurrencies, the time is coming: While some adversaries aim high, attacking cryptocurrency exchanges, others aim small. The rise of cryptojacking, the insertion of adware-based cryptocurrency mining software, is an example of adversaries targeting the lower end of the continuum. By buying ads directly, inserting them through adware, or injecting them into unsecured HTTP connections, attackers can monetize your processing power for themselves.
Techniques like these and others will continue. Akamai can help protect your organization. We defended more than 400 million web application attacks over a six-month period – a 38% increase over the prior period.
Keep pace with an ever-changing landscape by implementing security at the edge. To learn more, read this full whitepaper, visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.