Internet of Things-powered botnets are set to cause havoc this Christmas season as attackers ramp up their activities even further after a busy third quarter, according to Akamai.
The DDoS mitigation firm claimed in its State of the Internet / Security report that attacks increased 71% over Q3 2015, while those greater than 100Gbps increased 138% from the same period last year.
However, despite this increase, Akamai claimed it mitigated 4,556 DDoS attacks in Q3, which is an 8% decrease from Q2 2016.
That downward curve probably won’t last for long, however, thanks to the likes of the Mirai botnet, which has already been prolific in launching DDoS attacks against the likes of Krebs on Security and Dyn, and even took the African nation of Liberia offline recently.
Akamai predicted a deluge over the coming quarter:
“It is encouraging to see a drop in overall attack numbers in the third quarter of 2016... However, this trend is unlikely to continue. Thanksgiving, Christmas, and the holiday season in general have long been characterized by a rise in the threat of DDoS attacks. Malicious actors have new tools – IoT botnets – that will almost certainly be used in the coming quarter.”
Application layer attacks accounted for fewer than 2% of all DDoS blitzes in Q3, mainly because they require more tech knowledge than infrastructure layer attacks, according to the firm.
UDP fragments and DNS reflection attacks were the most common vectors, accounting for 44% of the total – an increase of 4.5%.
On a more positive note, the number of NTP servers available to use for reflection attacks is “finite and shrinking,” with the average attack size now only around 700 Mbps, the report claimed. This is a major drop from the June 2014 average of over 40 Gbps.
China remained the number one source of attack traffic (30%), followed by the US (22%) and the UK (16%).