Traffic volume for internet attacks aimed at bringing web servers to their knees continues to accelerate. In the past year, there has been a 52% increase in average peak bandwidth of distributed denial of service (DDoS) attacks, according to new research.
Akamai Technologies’ Q4 2014 State of the Internet – Security Report, produced by the Prolexic Security Engineering and Research Team (PLXsert), found that compared to Q4 a year ago, there were 57% more DDoS attacks and a 28% increase in average attack duration. Compared to the previous quarter, attacks spiked by 90%.
"An incredible number of DDoS attacks occurred in the fourth quarter, almost double what we observed in Q4 a year ago," said John Summers, vice president of the Cloud Security Business Unit, Akamai. "Denial of service is a common and active threat to a wide range of enterprises. The DDoS attack traffic was not limited to a single industry, such as online entertainment that made headlines in December. Instead, attacks were spread among a wide variety of industries."
There were several reasons for the spike in usage, the firm said. For one, resourceful DDoS-for-hire booter suites took a low-investment approach by tapping into reflection-based DDoS attacks. Nearly 40% of all DDoS attacks used reflection techniques, which rely on internet protocols that respond with more traffic than they receive and do not require an attacker to gain control over the server or device.
Further, widespread availability of these types of for-hire DDoS services allowed low-level, non-technical attackers to purchase ready-to-use DDoS services. The expansion of the DDoS-for-hire market also promoted the use of multi-vector campaigns, as the competitive market drove attack innovation. Significantly more multi-vector attacks were observed – 88% more than in Q4 2013. More than 44% of all attacks used multiple attack vectors—representing an 84% increase from a year ago.
Akamai also found that the timing of DDoS attacks was distributed more evenly in Q4, a DDoS trend that appears to be fueled by an increasing number of targets of greater value in previously underrepresented geographic locations. At the same time, geographical sources of malicious traffic have shifted. The United States and China continued as the lead source countries for DDoS traffic, but instead of the Brazil, Russia, India and China (BRIC) block that dominated in Q3 2014, Q4 DDoS attack traffic came in large part from the United States, China and Western Europe.