DDoS Attacks on the Rise Again: Akamai

DDoS attacks rose again in Q2 for the first time in almost a year as the black hats returned to tried-and-tested tools and techniques including PBot, Mirai and Domain Generation Algorithms (DGA), according to Akamai.

The cloud delivery provider crunched data collected from over 230,000 servers in more than 1600 networks to compile its State of the Internet/Security Report for Q2 2017.

It revealed a 28% increase in the volume of DDoS attacks since Q1, following three straight quarters of decline.

Attackers appear to be more determined than ever, with victim organizations being hit on average 32 times over the period. One gaming firm was hit a whopping 558 times in Q2, the report revealed.

To launch such attacks, DDoS-ers are returning to some old favorites, including PBot malware, which allowed them to build a mini-botnet capable of launching a 75Gbps attack, the largest recorded in the quarter.

Domain Generation Algorithms were first introduced back in 2008 with Conficker, but are still commonly used in C&C infrastructure by DDoS-ers today, according to Akamai. This is because the technique allows them to generate an endless number of random domain names, confounding white hat efforts to capture them.

Finally, the report revealed that Mirai is now being used frequently in “pay for play” attacks, as a DDoS service-for-hire.

“Attackers are constantly probing for weaknesses in the defenses of enterprises, and the more common, the more effective a vulnerability is, the more energy and resources hackers will devote to it,” said Martin McKeay, Akamai senior security advocate.

“Events like the Mirai botnet, the exploitation used by WannaCry and Petya, the continued rise of SQLi attacks and the re-emergence of PBot all illustrate how attackers will not only migrate to new tools but also return to old tools that have previously proven highly effective.”

Egypt came out of nowhere to become the biggest source of DDoS attack traffic (32%), with the UK dropping from second place in the past two quarters to a position out of the top five.

However, UK firms were on the receiving end of a huge number of web application attacks during the period: 32.6 million. This is still some way behind the number one target: US firms were hit by over 122 million attacks.

In total, web app attacks increased 5% quarter-on-quarter and 28% year-on-year, with SQLi attacks accounting for more than half (51%).
