The number of distributed denial of service (DDoS) attacks has doubled in the last 12 months, with the typical attack packing a smaller, longer-lasting punch compared to Q1 2014.
Akamai Technologies’ Q1 2015 State of the Internet – Security Report found that Q1 2015 set a record for the number of DDoS attacks observed across the company’s PLXrouted network: more than double the number recorded a year ago (up 116.5%) and a jump of more than 35% compared to last quarter.
In terms of tactics, Akamai saw a 59.83% increase in application layer (Layer 7) DDoS attacks, and a 124.69% increase in infrastructure layer (Layer 3 & 4) DDoS attacks.
However, the attack profile has also changed.
Last year, high-bandwidth, short-duration attacks were the norm. But in the first quarter of this year, the typical DDoS attack was less than 10Gbps in traffic volume, and endured for more than 24 hours. In fact, there was a 42.8% increase in the average attack duration from 2014’s first quarter: 24.82 vs. 17.38 hours a year ago.
That said, there are clear indicators that this trend may be about to change. There were eight mega-attacks in Q1, each exceeding 100Gbps and the largest peaking at 170Gbps. While that was one fewer mega-attack than in Q4 2014, such large attacks were rarely seen a year ago. This indicates the growing threat of booter/stresser sites.
“The menu of easy-to-use attack vectors found in the DDoS-for-hire market can make it easy to dismiss the effectiveness of attackers who use them,” the report noted. “A year ago, peak attack traffic using these tactics from booter/stresser sites typically measured 10-20Gbps. Now, these attack sites have become more dangerous, capable of launching attacks in excess of 100Gbps. With new reflection attack methods being added continually, such as SSDP, the potential damage from these is expected to continue increasing over time.”
Another change on the DDoS horizon is the fact that IPv6 adoption brings new security risks, Akamai warned.
“IPv6 DDoS is not yet a common occurrence, but there are indications that malicious actors have started testing and researching IPv6 DDoS attack methods,” the report said. “A new set of risks and challenges associated with the transition to IPv6 are already affecting cloud providers as well as home and corporate network owners.”
Many IPv4 DDoS attacks can be replicated using IPv6 protocols, while some new attack vectors are directly related to the IPv6 architecture. Many of the features of IPv6 could enable attackers to bypass IPv4-based protections, creating a larger and possibly more effective DDoS attack surface.
“In the Q1 2015 report, we’ve analyzed thousands of DDoS attacks observed across the PLXrouted network, as well as nearly millions of web application attack triggers across the Akamai Edge network,” said John Summers, vice president for the Cloud Security Business Unit at Akamai, in a statement. “By bringing in the web application attack data, along with in-depth reports from all of our security research teams, we’re able to provide a more holistic view of the internet and the attacks that occur on a daily basis.”