An increase in DDoS, gamers attacking gamers and the rise of the memcached reflector attacks are all key trends in the latest Summer 2018 State of the Internet / Security Web Attack report from Akamai. The report, published twice a year, covers the six month period between November 1, 2017 and April 30, 2018.
Key finds from the report include:
- DDoS attacks:
- Once attacked, it is extremely likely an organisation will be attacked again – companies that were attacked were targeted 41 times on average, with one organisation suffering from 884 DDoS attacks in that time frame
- The biggest DDoS Akamai has seen to date – Akamai saw 7,822 DDoS attacks during this time period (a 16% increase in total DDoS attacks). This 1.35 Tbps attack against a software development company made use of memcached servers as reflectors. To put this in to perspective, the TAT-14 cable, one of many between the US and Europe, is capable of carrying 3.2 Tbps of traffic. This attack was, arguably, the largest attack seen on the internet to date
- The gaming industry has continued to be the single largest target of DDoS attacks that Akamai defends against. The majority of these attacks appear to stem from the people using systems affected by the attacks. In other words, it’s mainly gamers attacking the sites out of frustration or hoping to gain an edge on their competitors
- So where are all these attacks coming from? The answer is complicated. Reflection attacks, botnets, and the ease of spoofing with UDP mean that determining the location of the attacker is difficult based simply on the traffic the defender sees. Tracing the DDoS traffic back to the attacker is difficult, expensive, and time consuming, not to mention unprofitable
- Web application attacks:
- Over this six-month period, Akamai received 400,000,000 web application attacks from around the globe
- The most common web application attacks – this continues to be SQL injection, which accounted for 51% of the attacks seen by Akamai’s Kona Web Application Firewall in the period
- Local File Inclusion (LFI) and cross-site scripting (XSS) made up the majority of the remainder of attacks, responsible for 34% and 8% of all attacks, respectively
You can read the full report HERE.