Q3 DDoS Attack Volumes Are the Largest Ever Seen

Written by

A brute-force approach characterized the most significant distributed denial of service (DDoS) campaigns in Q3, as attackers shifted towards new attack methods and enhanced older attack methods to consume more bandwidth.

The latest State of the Internet Security Report from Akamai's Prolexic Security Engineering and Research Team (PLXsert) found that these record-setting DDoS attack campaigns marked an 80 percent increase in average peak bandwidth in Q3 compared to the previous quarter and a four-fold increase from the same period a year ago. Q3 also saw an increase in average peak packets per second, recording a 10 percent increase over the previous quarter, and a four-fold increase compared the same quarter in 2013.

"DDoS attack size and volume have gone through the roof this year," said John Summers, vice president of the Security Business Unit at Akamai Technologies, in a statement. "In the third quarter alone, Akamai mitigated 17 attacks greater than 100Gbps, with the largest at 321Gbps.”

To put that in perspective, there were none of that size in the same quarter a year ago, and only six last quarter—so this is an escalating trend, both figuratively and literally.

One of the reasons for that is the increased availability of attack toolkits with easy-to-use interfaces, as well as a growing DDoS-for-hire criminal industry. More than half (53 percent) of all attacks are thus now utilizing multiple attack vectors— representing an 11 percent increase in multi-vector attacks compared to last quarter, and a nine percent increase compared to one year ago.

“These mega-attacks each used multiple DDoS vectors to deliver large bandwidth-consuming packets at an extremely high rate of speed,” added Summers.

Malicious actors have also found ways to involve a wider base of devices to expand DDoS botnets and produce larger DDoS attacks. PLXsert has observed botnet-building efforts in which malicious actors sought to control systems by gaining access through vulnerable web applications on Linux-based machines, for instance.

Attackers have also expanded to use more kinds of connected devices, including smartphones and embedded devices, customer-premises equipment (CPE) like home cable modems, and a variety of internet-enabled devices including home-based and wearables within the category of the Internet of Things (IoT).

That's something that will show up in the Q4 report as well. In fact,  PLXsert just uncovered a new reflection and amplification DDoS attack that deliberately misuses communications protocols that come enabled on millions of home and office devices, including routers, media servers, web cams, smart TVs and printers.

What’s hot on Infosecurity Magazine?