After ransomware, other security compromises and the rest of this year's headaches, DDoS attacks are reported to be on the rise again, particularly in the second quarter of 2017, which is, strangely, the first time in the past year that this has happened. Akamai attributes the rise to black hats returning to standard tools and techniques that have stood the test of time, such as PBot, Domain Generation Algorithms (DGA) and Mirai.
Akamai, which pioneers and provides cloud delivery services, recently published its State of the Internet (Security) Report for the second quarter of 2017, an analysis of data collected from more than two hundred thousand servers across over sixteen hundred networks. From that analysis, Akamai found an increase of around twenty eight percent in the volume of DDoS attacks compared to the first quarter of the year. The report follows three consecutive quarters in which a decline in such attacks was reported.
The report has interesting data and revelations for anyone remotely interested in security. Attackers now seem more focused than ever on breaking through security walls. On average, a victim organization now faces around 32 attacks distributed over a period of time. At the other extreme, one gaming firm was reportedly hit an incredible 558 times in quarter two alone.
These attackers, called DDoS-ers, are revising their attacks and reaching for some of the oldest tricks in the box, such as PBot, which is basically old wine in a new bottle. Malware like PBot lets attackers construct a mini-botnet that can launch an attack of 75 Gbps, which was also the largest attack of this quarter. Domain Generation Algorithms (DGA), first introduced back in 2008 with Conficker, are also being used quite often in attackers' C&C infrastructure today, as reported by Akamai.
It is quite clear why a technology like DGA is a favorite: it lets DDoS-ers come up with random domain names, which surprises and confuses white hat efforts to confront and capture them. Similarly, the report states that Mirai is being put to use by DDoS-ers as a service for hire, performing attacks as pay for play.
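One common defensive heuristic against DGA-driven C&C, shown here as an added example that is not from the article or from Akamai's report: a client that gets many NXDOMAIN answers for long, high-entropy names is probably cycling through generated domains. The log format (`client name rcode`), the thresholds and all sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Assumed thresholds; tune them against your own resolver traffic.
ENTROPY_MIN = 3.5   # bits per character in the scored label
MIN_LEN = 10        # ignore short labels such as typos of real names
MIN_HITS = 3        # suspicious NXDOMAINs needed before a client is flagged

# Constructed sample resolver log: "<client_ip> <queried_name> <rcode>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 exmaple.com NXDOMAIN
10.0.0.5 intranet-portal.test NXDOMAIN
10.0.0.7 qx7vbz2kfw9hpl.test NXDOMAIN
10.0.0.7 m3tz0rkq8ydnv.test NXDOMAIN
10.0.0.7 hw4cjx9pbq2ge.test NXDOMAIN
10.0.0.7 zr8kfd1vny6tqa.test NOERROR
10.0.0.9 a1b2c3d4e5f6g7.example NXDOMAIN
"""

def shannon_entropy(label):
    # Shannon entropy of the character distribution, in bits per character.
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label)) for c in counts.values())

def looks_generated(name):
    # Score the label directly left of the TLD. This is a simplification:
    # a production check would use the Public Suffix List to find it.
    labels = name.rstrip(".").lower().split(".")
    if len(labels) < 2:
        return False
    label = labels[-2]
    return len(label) >= MIN_LEN and shannon_entropy(label) >= ENTROPY_MIN

def dga_suspects(log_text):
    # Count failed lookups of generated-looking names per client.
    hits = Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(name):
            hits[client] += 1
    return {client: n for client, n in hits.items() if n >= MIN_HITS}

if __name__ == "__main__":
    print(dga_suspects(SAMPLE_LOG))
```

Entropy alone misfires on CDN and tracking hostnames, which is why the check also requires the lookup to fail and the same client to repeat the pattern.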
Martin McKeay, a Senior Security Advocate for Akamai, has stated that these attackers are continuously on the lookout for any kind of gap or vulnerability in the security walls of corporations and organisations. It is also quite common that, once a weakness is discovered, its severity is assessed, and attackers then spend more time, energy and resources on the more profound vulnerabilities. He added that incidents like the Mirai botnet, the way WannaCry and Petya exploited systems, the increase in SQLi attacks and the trend bending back towards PBot all show that attackers are evolving at a never-before-seen speed: they are ready to use the newest tricks and tools, and just as willing to return to old ones that have performed efficiently in the recent past.
Note that Egypt now sits at the top as the biggest source of such attack traffic with 32 percent, while the United Kingdom has dropped from second place, which it held in the last two quarters, to a position that does not even rank in the top five. Many UK firms and organisations nevertheless faced a lot of attacks during that time, 32.6 million attacks to be exact. That is, funnily, a little less than the top entry in that list, the United States of America, whose firms faced an incredible 122 million attacks. Finally, these web app attacks increased five percent compared to last quarter and a whopping twenty eight percent compared to last year, and SQLi accounts for most of these attacks at 51 percent.
Have you faced an attack in the past few months? Let us know in the section below.