Akamai says DDoS attacks are getting stronger as attackers make use of new techniques
The size and volume of Distributed Denial of Service (DDoS) attacks have increased four-fold over the past year, as hackers and cyber criminals seize control of more devices and deploy more sophisticated methods, according to research from Akamai.
The cloud services provider says there was a 339 percent year-on-year increase in average attack bandwidth as the total number of DDoS attacks rose by 22 percent.
High bandwidth and high volume attacks were made possible using multi-vector attack methods, with more than half of all attacks using such tactics, a 9 percent increase from last year. Akamai says this can be explained by better availability of toolkits and an expanded ‘DDoS for hire’ criminal industry.
Attackers are also using a wider variety of devices to launch assaults, with cable modems, smartphones and embedded devices all being targeted. Hackers are also looking to gain control of Linux systems by exploiting vulnerable web-based applications in order to strengthen botnets.
“DDoS attack size and volume have gone through the roof this year,” says John Summers, vice president of Akamai’s security business unit. “In the third quarter alone, Akamai mitigated 17 attacks greater than 100 gigabits-per-second, with the largest at 321Gbps.
“Interestingly, we witnessed none of that size in the same quarter a year ago and only six last quarter. These mega-attacks each used multiple DDoS vectors to deliver large bandwidth-consuming packets at an extremely high rate of speed.”
Earlier this year, a 400Gbps DDoS attack targeted an unnamed CloudFlare customer in what was believed to be the largest ever assault in Europe, while Sony, Blizzard and RBS have been among firms targeted in the past year.
Akamai also noted the prominence of phishing attacks, which are still favoured by hacktivists looking to gain login credentials and confidential information. During the third quarter, CNN and the Associated Press were among those to suffer, with the Syrian Electronic Army (SEA) highlighted as a particular advocate of this type of attack.
Typically, the SEA sends emails to members of a targeted organisation with a fake log-in page in the hope of tricking the user into surrendering their details. A similar tactic was employed in a recent attack on iCloud users in China, with the Chinese government suspected of orchestrating the scam, although Beijing has denied any involvement.