Akamai’s latest security report, focused on Q4 2017, noted that DDoS attacks went up by 14% year-on-year. Application-layer attacks rose by 115% quarter by quarter, however, they still comprised under 1% of all DDoS attacks. Year-on-year, there was also a 14% increase in infrastructure-layer (layers 3 & 4) attacks and a 4% rise in reflection-based attacks.
During the fourth quarter of 2017, DDoS attacks actually levelled off, dropping very slightly (by under 1%) compared to the previous quarter. All in all, Akamai noted that “the DDoS landscape appeared to plateau”, attributing it in part to Mirai hitting so hard at the end of 2016 and other botnets re-suiting up in order to catch up to its enormous size. At the same time, DDoS attacks set new records in disruption.
The gaming industry was the hardest hit, experiencing 79% of all DDoS attacks in Q4 2017. The financial services industry was the second in line, experiencing a significant uptick in DDoS activity in the final quarter, with 45 attacks in one week marking a high. The overwhelming frequency of these attacks points to the necessity of DDoS mitigation in these sectors in particular, not only to prevent down-time and disruption, but also to mitigate against multi-pronged attacks in which DDoS campaigns serve as a cover for more malevolent deeper system breach attempts.
The finance industry continues to be a popular target for the Mirai and PBot botnets. Scanning from the Mirai botnet peaked in late November, showing that the botnet is “still capable of explosive growth”. Akamai notes that botnet creators are still altering the source code for their specific needs, and with increasing numbers of connected and IoT devices on the market with limited security, the Internet will “continue to offer fertile ground for large-scale attacks”.
Guest author Chris Kubecka, CEO of HypaSec, says that “54% of the DNS servers I scanned could be utilized in DDoS amplification attacks”, adding “this is why there are millions of weak points that can be aimed and used for reflection attacks”.
Akamai noted that infrastructure-related attacks continue to dominate mainly because the barrier to entry is so low. Anyone with access to the Internet can find the methodology and tools for launching volumetric DDoS attacks at minimal cost. Until this changes, DDoS attacks are around to stay.