CAMBRIDGE, Mass., May 19, 2015 /PRNewswire/ --
- Akamai's most comprehensive report on cloud security; now
includes analysis of web application attack triggers on the Akamai
Edge network
- Number of DDoS attacks doubled, packed a smaller,
longer-lasting punch compared to Q1 2014
- IPv6 adoption brings new security threats
Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in
content delivery network (CDN) services, today announced the
availability of the Q1 2015 State of the Internet – Security
Report. This quarter's report, which provides analysis and insight
into the global cloud security threat landscape, can be downloaded
at www.stateoftheinternet.com/security-report.
"In the Q1 2015 report, we've analyzed thousands of distributed
denial of service (DDoS) attacks observed across the PLXrouted
network as well as nearly millions of web application attack
triggers across the Akamai Edge network. By bringing in the web
application attack data, along with in-depth reports from all of
our security research teams, we're able to provide a more holistic
view of the Internet and the attacks that occur on a daily basis,"
said John Summers, vice president,
Cloud Security Business Unit, Akamai. "This is our biggest and best
security report yet. This report provides an in-depth look at DDoS
attacks, and sets a baseline for web application attack triggers,
so we will be able to report on attack trends for both the network
and application layers in our future reports."
DDoS attack activity soars
Q1 2015 set a record for the number of DDoS attacks observed
across the PLXrouted network – more than double the number recorded
in Q1 2014 – and a jump of more than 35 percent compared to last
quarter. However, the attack profile has changed. Last year, high
bandwidth and short duration attacks were the norm. But in Q1 2015,
the typical DDoS attack was less than 10 gigabits per second (Gbps)
and endured for more than 24 hours. There were eight mega-attacks
in Q1, each exceeding 100 Gbps. While that was one fewer
mega-attack than in Q4 2014, such large attacks were rarely seen a
year ago. The largest DDoS attack observed in Q1 2015 peaked at 170
Gbps.
During the past year, DDoS attack vectors have also shifted.
This quarter, Simple Service Discovery Protocol (SSDP) attacks
accounted for more than 20 percent of the attack vectors, while
SSDP attacks were not observed at all in Q1 or Q2 2014. SSDP comes
enabled by default on millions of home and office devices—including
routers, media servers, web cams, smart TVs and printers—to allow
them to discover each other on a network, establish communication
and coordinate activities. If left unsecured and/or misconfigured,
these home-based, Internet-connected devices can be harnessed for
use as reflectors.
During Q1 2015, the gaming sector was once again hit with more
DDoS attacks than any other industry. Gaming has remained the most
targeted industry since Q2 2014, consistently being targeted in 35
percent of DDoS attacks. The software and technology sector was the
second most targeted industry in Q1 2015, with 25 percent of the
attacks.
Compared to Q1 2014
- 116.5 percent increase in total DDoS attacks
- 59.83 percent increase in application layer (Layer 7) DDoS
attacks
- 124.69 percent increase in infrastructure layer (Layer 3 &
4) DDoS attacks
- 42.8 percent increase in the average attack duration: 24.82 vs.
17.38 hours
Compared to Q4 2014
- 35.24 percent increase in total DDoS attacks
- 22.22 percent increase in application layer (Layer 7) DDoS
attacks
- 36.74 percent increase in infrastructure layer (Layer 3 &
4) DDoS attacks
- 15.37 percent decrease in average attack duration: 24.82 vs.
29.33 hours
A look at seven common web application attack vectors
For the Q1 2015 report, Akamai concentrated its analysis on
seven common web application attack vectors, which accounted for
178.85 million web application attacks observed on the Akamai Edge
network. These vectors included SQL injection (SQLi), local file
inclusion (LFI), remote file inclusion (RFI), PHP injection (PHPi),
command injection (CMDi), OGNL Java injection (JAVAi) and malicious
file upload (MFU).[1]
During Q1 2015, more than 66 percent of the web application
attacks were attributed to LFI attacks. This was fueled by a
massive campaign against two large retailers in March, targeting
the WordPress RevSlider plugin.
SQLi attacks were also quite common, making up more than 29
percent of web application attacks. A substantial portion of the
SQLi attacks was related to attack campaigns against two companies
in the travel and hospitality industry. The other five attack
vectors collectively made up the remaining five percent of
attacks.
Accordingly, the retail sector was the hardest hit by web
application attacks, followed by the media and entertainment and
hotel and travel sectors.
The growing threat of booter/stresser sites
The menu of easy-to-use attack vectors found in the
DDoS-for-hire market can make it easy to dismiss the effectiveness
of attackers who use them. A year ago, peak attack traffic using
these tactics from booter/stresser sites typically measured 10-20
Gbps. Now these attack sites have become more dangerous,
capable of launching attacks in excess of 100 Gbps. With new
reflection attack methods being added continually, such as SSDP,
the potential damage from these is expected to continue increasing
over time.
IPv6 adoption brings new security risks
IPv6 DDoS is not yet a common occurrence, but there are
indications that malicious actors have started testing and
researching IPv6 DDoS attack methods. A new set of risks and
challenges associated with the transition to IPv6 is already
affecting cloud providers as well as home and corporate network
owners. Many IPv4 DDoS attacks can be replicated using IPv6
protocols, while some new attack vectors are directly related to
the IPv6 architecture. Many of the features of IPv6 could enable
attackers to bypass IPv4-based protections, creating a larger and
possibly more effective DDoS attack surface. The Q1 security report
outlines some of the risks and challenges that are ahead of us.
SQL injection attacks move beyond data theft
While SQL injection attacks have been documented since 1998,
their uses have grown. The effects of these malicious queries can
extend well beyond simple data exfiltration, potentially causing
more damage than a data breach would have. These attacks can be
used to elevate privileges, execute commands, infect or corrupt
data, deny service, and more. Akamai researchers analyzed more than
8 million SQL injection attacks from Q1 2015 to uncover the most
frequent methods and goals.
Website defacements and domain hijacking
Hundreds of web hosting companies provide web hosting for as
little as a few dollars a month. In those cases, the hosting
company may host multiple accounts on the same server. This can
result in hundreds of domains and sites running under the same
server IP address, potentially allowing malicious actors to hijack
multiple web sites at once. Once one site has been compromised, a
malicious actor can potentially traverse the server's directories,
reading username and password lists, to access files
from other customer accounts. This could include web site database
credentials. With this information, attackers could gain the
ability to change files on every site on the server. The Q1
security report includes an explanation of the vulnerability and
recommended defensive measures.
Download the report
A complimentary copy of the Q1 2015 State of the
Internet - Security Report is available as a free PDF download
at www.stateoftheinternet.com/security-report.
About stateoftheinternet.com
Akamai's stateoftheinternet.com shares content and information
intended to provide an informed view into online connectivity and
cybersecurity trends as well as related metrics, including Internet
connection speeds, broadband adoption, mobile usage, outages, and
cyber-attacks and threats. Visitors to stateoftheinternet.com can
find current and archived versions of Akamai's State of the
Internet (Connectivity and Security) reports, the company's data
visualizations and other resources designed to help put context
around the ever changing Internet landscape.
About Akamai
As the global leader in Content Delivery Network (CDN) services,
Akamai makes the Internet fast, reliable and secure for its
customers. The company's advanced web performance, mobile
performance, cloud security and media delivery solutions are
revolutionizing how businesses optimize consumer, enterprise and
entertainment experiences for any device, anywhere. To learn how
Akamai solutions and its team of Internet experts are helping
businesses move faster forward, please visit www.akamai.com
or blogs.akamai.com, and follow @Akamai on Twitter.
[1] Data on cross-site scripting (XSS) and other high-profile
attack vectors was not collected for the Q1 report, but may
be included in future editions.
Akamai Contacts:
Rob Morton, Media Relations, 617-444-3641, rmorton@akamai.com
Tom Barth, Investor Relations, 617-274-7130, tbarth@akamai.com
To view the original version on PR Newswire, visit:
http://www.prnewswire.com/news-releases/akamai-releases-q1-2015-state-of-the-internet---security-report-300085204.html
SOURCE Akamai Technologies, Inc.