CAMBRIDGE, Mass., Aug. 18, 2015 /PRNewswire/ -- Akamai
Technologies, Inc. (NASDAQ: AKAM), the global leader in content
delivery network (CDN) services, today announced the availability
of the Q2 2015 State of the Internet – Security Report. This
quarter's report, which provides analysis and insight into the
global cloud security threat landscape, can be downloaded at
www.stateoftheinternet.com/security-report.
"The threat posed by distributed denial of service (DDoS) and
web application attacks continues to grow each quarter," said
John Summers, vice president, Cloud
Security Business Unit, Akamai. "Malicious actors are continually
changing the game by switching tactics, seeking out new
vulnerabilities and even bringing back old techniques that were
considered outdated. By analyzing the attacks observed over our
networks, we're able to identify emerging threats and trends and
provide the public with the information to harden their networks,
websites and applications and improve their cloud security
profiles.
"For example, for this report, we not only added two web
application attack vectors to our analysis, we also examined the
perceived threat posed by the onion router (Tor) traffic and even
uncovered some new vulnerabilities in third-party WordPress plugins
which are being published as CVEs," he said. "The more you know
about cyber security threats, the better you can defend your
enterprise."
DDoS attack activity at a glance
For the past
three quarters, there has been a doubling in the number of DDoS
attacks year over year. And while attackers favored less powerful
but longer duration attacks this quarter, the number of dangerous
mega attacks continues to increase. In Q2 2015, there were 12
attacks peaking at more than 100 Gigabits per second (Gbps) and
five attacks peaking at more than 50 Million packets per second
(Mpps). Very few organizations have the capacity to withstand such
attacks on their own.
The largest DDoS attack of Q2 2015 measured more than 240
gigabits per second (Gbps) and persisted for more than 13 hours.
Peak bandwidth is typically constrained to a one to two hour
window. Q2 2015 also saw one of the highest packet rate attacks
ever recorded across the Prolexic Routed network, which peaked at
214 Mpps. That attack volume is capable of taking out tier 1
routers, such as those used by Internet service providers
(ISPs).
DDoS attack activity set a new record in Q2 2015, increasing
132% compared to Q2 2014 and increasing 7% compared to Q1 2015.
Average peak attack bandwidth and volume increased slightly in Q2
2015 compared to Q1 2015, but remained significantly lower than the
peak averages observed in Q2 2014.
SYN and Simple Service Discovery Protocol (SSDP) were the most
common DDoS attack vectors this quarter – each accounting for
approximately 16% of DDoS attack traffic. The proliferation of
unsecured home-based, Internet-connected devices using the
Universal Plug and Play (UPnP) Protocol continues to make them
attractive for use as SSDP reflectors. Practically unseen a year
ago, SSDP attacks have been one of the top attack vectors for the
past three quarters. SYN floods have continued to be one of the
most common vectors in all volumetric attacks, dating back to the
first edition of the security reports in Q3 2011.
Online gaming has remained the most targeted industry since Q2
2014, consistently being targeted in about 35 percent of DDoS
attacks. China has remained the
top source of non-spoofed attack traffic for the past two quarters,
and has been among the top three source countries since the very
first report was issued in Q3 2011.
At a glance
Compared to Q2 2014
- 132.43% increase in total DDoS attacks
- 122.22% increase in application layer (Layer 7) DDoS
attacks
- 133.66% increase in infrastructure layer (Layer 3 & 4)
attacks
- 18.99% increase in the average attack duration: 20.64 vs. 17.35
hours
- 11.47% decrease in average peak bandwidth
- 77.26% decrease in average peak volume
- 100% increase in attacks > 100 Gbps: 12 vs. 6
Compared to Q1 2015
- 7.13% increase in total DDoS attacks
- 17.65% increase in application layer (Layer 7) DDoS
attacks
- 6.04% increase in Infrastructure layer (Layer 3 & 4)
attacks
- 16.85% decrease in the average attack duration: 20.64 vs. 24.82
hours
- 15.46% increase in average peak bandwidth
- 23.98% increase in average peak volume
- 50% increase in attacks > 100 Gbps: 12 vs. 8
- As in Q1 2015, China is the
quarter's top country producing DDoS attacks
Web application attack activity
Akamai first
began reporting web application attack statistics in Q1 2015. This
quarter, two additional attack vectors were analyzed:
Shellshock and cross-site scripting (XSS).
Shellshock, a Bash bug vulnerability first tracked in
September 2014, was leveraged in 49%
of the web application attacks this quarter. However, 95% of the
Shellshock attacks targeted a single customer in the financial
services industry, in an aggressive, persistent attack campaign
that endured for the first several weeks of the quarter. Since
Shellshock attacks typically occur over HTTPS, this campaign
shifted the balance of attacks over HTTPS vs. HTTP. In Q1 2015,
only 9% of attacks were over HTTPS; this quarter 56% were over
HTTPS channels.
Looking beyond Shellshock, SQL injection (SQLi) attacks
accounted for 26% of all attacks. This represents a greater than
75% increase in SQLi alerts in the second quarter alone. In
contrast, local file inclusion (LFI) attacks dropped significantly
this quarter. While it was the top web application attack vector in
Q1 2015, LFI only accounted for 18% of alerts in Q2 2015. Remote
file inclusion (RFI), PHP injection (PHPi), command injection
(CMDi), OGNL injection using OGNL Java Expression Language (JAVAi),
and malicious file upload (MFU) attacks combined accounted for 7%
of web application attacks.
As in Q1 2015, the financial services and retail industries were
attacked most frequently.
The threat of third-party WordPress plugins and
themes
WordPress, the world's most popular website
and blogging platform, is an attractive target for attackers who
aim to exploit hundreds of known vulnerabilities to build botnets,
spread malware and launch DDoS campaigns.
Third-party plugins go through very little, if any, code
vetting. To better understand the threatscape, Akamai tested more
than 1,300 of the most popular plugins and themes. As a result, 25
individual plugins and themes that had at least one new
vulnerability were identified. In some cases, the plugin or theme
had multiple vulnerabilities – totaling 49 potential exploits. A
full listing of the newly discovered vulnerabilities is included in
the report, along with recommendations to harden WordPress
installs.
The pros and cons of Tor
The Onion Router
(Tor) project ensures the entry node to a network does not match
the exit node, providing a cloak of anonymity for its users. While
Tor has many legitimate uses, its anonymity makes it an attractive
option for malicious actors. In order to assess the risks involved
with allowing Tor traffic to websites, Akamai analyzed web traffic
across the Kona security customer base during a seven-day
period.
The analysis showed that 99% of the attacks were sourced from
non-Tor IPs. However, 1 out of 380 requests out of Tor exit nodes
was malicious. In contrast, only 1 out of 11,500 requests out of
non-Tor IPs was malicious. That said, blocking Tor traffic could
have a negative business effect. However, legitimate HTTP requests
to e-commerce related pages showed that Tor exit nodes had
conversion rates on par with non-Tor IPs.
Download the report
A complimentary
copy of the Q2 2015 State of the Internet - Security
Report is available as a free PDF download at
www.stateoftheinternet.com/security-report.
About stateoftheinternet.com
Akamai's
stateoftheinternet.com shares content and information intended to
provide an informed view into online connectivity and cybersecurity
trends as well as related metrics, including Internet connection
speeds, broadband adoption, mobile usage, outages, and
cyber-attacks and threats. Visitors to stateoftheinternet.com can
find current and archived versions of Akamai's State of the
Internet (Connectivity and Security) reports, the company's data
visualizations and other resources designed to help put context
around the ever changing Internet landscape.
About Akamai
As the global leader in Content
Delivery Network (CDN) services, Akamai makes the Internet fast,
reliable and secure for its customers. The company's advanced web
performance, mobile performance, cloud security and media delivery
solutions are revolutionizing how businesses optimize consumer,
enterprise and entertainment experiences for any device, anywhere.
To learn how Akamai solutions and its team of Internet experts are
helping businesses move faster forward, please visit www.akamai.com
or blogs.akamai.com, and follow @Akamai on Twitter.
Akamai Contacts:
Rob Morton, Media Relations, 617-444-3641, rmorton@akamai.com
Tom Barth, Investor Relations, 617-274-7130, tbarth@akamai.com
SOURCE Akamai Technologies, Inc.