CAMBRIDGE, Mass., Aug. 22, 2017 /PRNewswire/ -- Newly released
data shows that distributed denial of service (DDoS) and web
application attacks are on the rise once again, according to the
Second Quarter, 2017 State of the Internet / Security Report
released by Akamai Technologies, Inc. (NASDAQ: AKAM). Contributing
to this rise was the PBot DDoS malware which re-emerged as the
foundation for the strongest DDoS attacks seen by Akamai this
quarter.
In the case of PBot, malicious actors used decades-old PHP code
to generate the largest DDoS attack observed by Akamai in the
second quarter. Attackers were able to create a mini-DDoS botnet
capable of launching a 75 gigabits per second (Gbps) DDoS attack.
Interestingly, the PBot botnet comprised a relatively small
400 nodes, yet was still able to generate a significant level of attack
traffic.
Another entry on the "everything old is new again" list is
represented by the Akamai Enterprise Threat Research Team's
analysis of the use of Domain Generation Algorithms (DGA) in
malware Command and Control (C2) infrastructure. Although first
introduced with the Conficker worm in 2008, DGA has remained a
frequently used communication technique for today's malware. The
team found that infected networks generated approximately 15 times
the DNS lookup rate of a clean network. This is explained by the
malware on the infected networks attempting to reach randomly
generated domains. Since most of the generated domains were
not registered, trying to access all of them created a lot of
noise. Analyzing the difference between behavioral characteristics
of infected versus clean networks is one important way of
identifying malware activity.
When the Mirai botnet was discovered last September, Akamai was
one of its first targets. The company's platform continued to
receive and successfully defend against attacks from the Mirai
botnet thereafter. Akamai researchers have used the company's
unique visibility into Mirai to study different aspects of the
botnet and, in the second quarter, most specifically its C2
infrastructure. Akamai research offers a strong indication that
Mirai, like many other botnets, is now contributing to the
commoditization of DDoS. While many of the botnet's C2 nodes were
observed conducting "dedicated attacks" against select IPs, even
more were noted as participating in what would be considered
"pay-for-play" attacks. In these situations, Mirai C2 nodes were
observed attacking IPs for a short duration, going inactive and
then re-emerging to attack different targets.
"Attackers are constantly probing for weaknesses in the defenses
of enterprises, and the more common, the more effective a
vulnerability is, the more energy and resources hackers will devote
to it," said Martin McKeay, Akamai
senior security advocate. "Events like the Mirai botnet, the
exploitation used by WannaCry and Petya, the continued rise of SQLi
attacks and the re-emergence of PBot all illustrate how attackers
will not only migrate to new tools but also return to old tools
that have previously proven highly effective."
By the Numbers:
Other key findings from the report include:
- The number of DDoS attacks in Q2 increased by 28 percent
quarter over quarter following three quarters of decline.
- DDoS attackers are more persistent than ever, attacking targets
an average of 32 times over the quarter. One gaming company was
attacked 558 times or approximately six times a day on
average.
- Egypt was the origin of the greatest number of unique IP
addresses used in frequent DDoS attacks with 32 percent of the
global total. Last quarter, the United States held that spot and
Egypt was not among the top five.
- Fewer devices were used to launch DDoS attacks this quarter.
The number of IP addresses involved in volumetric DDoS attacks
dropped 98 percent from 595,000 to 11,000.
- The incidence of web application attacks increased five percent
quarter-over-quarter and 28 percent year-over-year.
- SQLi attacks were used in more than half (51 percent) of web
application attacks this quarter—up from 44 percent last
quarter—generating nearly 185 million alerts in the second quarter
alone.
A complimentary copy of the Q2 2017 State of the Internet /
Security Report is available for download at
http://akamai.me/2i9vrdz. Download individual charts and graphs,
including associated at http://akamai.me/2w6mI1v.
Methodology
The Akamai Second Quarter, 2017 State
of the Internet / Security Report combines attack data from
across Akamai's global infrastructure and represents the research
of a diverse set of teams throughout the company. The report
provides analysis of the current cloud security and threat
landscape, as well as insight into attack trends using data
gathered from the Akamai Intelligent Platform. The contributors to
the State of the Internet / Security Report include security
professionals from across Akamai, including the Security
Intelligence Response Team (SIRT), the Threat Research Unit,
Information Security, and the Custom Analytics group.
About Akamai
As the world's largest and most trusted
cloud delivery platform, Akamai makes it easier for its customers
to provide the best and most secure digital experiences on any
device, anytime, anywhere. Akamai's massively distributed platform
is unparalleled in scale with over 200,000 servers across 130
countries, giving customers superior performance and threat
protection. Akamai's portfolio of web and mobile performance, cloud
security, enterprise access, and video delivery solutions are
supported by exceptional customer service and 24/7 monitoring. To
learn why the top financial institutions, e-commerce leaders, media
& entertainment providers, and government organizations trust
Akamai please visit www.akamai.com, blogs.akamai.com, or @Akamai on
Twitter.
Contacts:
Rob Morton, Media Relations, 617-444-3641, rmorton@akamai.com
Tom Barth, Investor Relations, 617-274-7130, tbarth@akamai.com
View original content with multimedia:
http://www.prnewswire.com/news-releases/q2-2017-akamai-state-of-the-internet--security-report-analyzes-re-emergence-of-pbot-malware-domain-generation-algorithms-relationship-between-mirai-command--control-and-attack-targets-300507459.html
SOURCE Akamai Technologies, Inc.