Distributed denial of service (DDoS) attacks spiked 40% in Q4 2015 compared with the previous quarter, while web application attacks jumped 28% globally, as IT security teams struggled to contain an ever-resourceful online enemy, according to Akamai.
The content delivery firm’s latest State of the Internet report for the last three months of 2015 revealed an ever-increasing volume of DDoS attacks.
In fact, they were up 149% year-on-year, with the vast majority (97%) accounted for by infrastructure layer (layer 3 and 4) attacks.
Cyber-criminals continued to rely on so-called “stresser/booter-based botnets” designed to launch reflection attacks by bouncing traffic off DNS, Chargen, NTP, and other servers running vulnerable services.
On the plus side, these kinds of DDoS attacks aren’t capable of generating huge volumes of traffic and are time-limited, which contributed to a reduction in average attack duration to less than 15 hours.
However, victims were subject to more repeat attacks, with an average of 24 per Akamai customer during the quarter.
More than half of attacks (54%) were aimed at gaming companies, with nearly a quarter (23%) targeting the software and technology industry, the report revealed.
The vast majority of web application attacks (59%) were aimed at retailers – up from 55% in the previous quarter – followed some way behind by media & entertainment (10%) and hotel & travel (10%).
The most popular type of web app attack was local file inclusion (LFI) at 41%, followed by SQL injection (SQLi, 28%), PHP injection (PHPi, 22%), cross-site scripting (XSS, 5%) and Shellshock (2%).
In terms of attack source, China (28%), Turkey (22%) and the US (15%) were the top three for DDoS campaigns, but the US was way out in front when it came to web app attacks, accounting for 56%. It was followed a long way behind by Brazil (8%) and Russia (7%).
Interestingly, Nexusguard reported that Turkey was not only a major source of DDoS attacks, as noted above, but also a victim in Q4 2015.
Its latest report revealed a ten-fold spike in attacks to a staggering 30,000 events per day, much greater than the thousands of attacks on popular targets China and the US.
David Fernandez at Akamai’s Security Intelligence Response Team (SIRT) claimed these stats aren’t necessarily indicative of the true location of attackers, as threat actors tend to mask their location via Virtual Private Server (VPS) and web hosting services in different locations.
“China internet services are predominately reserved and allocated for government use; this could support our findings in sourced web application attacks. GEO-blocking from an organizational security practice could also apply as well to this statistic,” he told Infosecurity.
“Our research indicates that many of the constructed DDoS botnets originating from the indicated dataset concentrate more in Asia and Eastern Europe and not in the US.”