Q3 2014 Cybersecurity Stats & Trends from StateoftheInternet.com

Q3 2014 State of the Internet Security Report – Statistics and Trends

Selected excerpts

Record-setting DDoS attack campaigns marked the third quarter of 2014. Q3 2014 saw an 80 percent increase in average peak bandwidth compared to Q2 2014, and a 389 percent increase from the same period a year ago. A major factor in this increase is a shift by attackers towards new attack vectors and the enhancement of older attack vectors to consume more bandwidth. In addition, a wider base of devices was used to expand DDoS botnets.

More sophisticated, multi-vector attacks became the norm in Q3, with more than half (53 percent) of all attacks utilizing multiple attack vectors. This was an 11 percent increase in multi-vector attacks compared to Q2 2014, and a nine percent increase compared to Q3 2013. Multi-vector attacks have been fueled by the increased availability of attack toolkits with easy-to-use interfaces as well as the growing DDoS-for-hire criminal industry.

Malicious actors have focused on gathering resources and creating and expanding botnets, rather than refining payloads that seek to bypass DDoS mitigation technology. Another sign reinforcing this trend is the identification and appearance of payloads developed for computing systems beyond the classic desktop and server operating systems. This includes ARM-based DDoS binaries that attempt to victimize customer-premises equipment (CPE), home cable modems, mobile devices and a great variety of Internet-enabled devices, such as server racks, industrial radio frequency (IRF) towers, industrial network storage and even home-based devices and wearables within the Internet of Things (IoT) category.

PLXsert observed botnet building efforts in which malicious actors attacked vulnerable web servers and developed infrastructure-layer DDoS payloads. They also targeted embedded devices with multi-platform payloads of DDoS malware, part of the trend where malicious actors have sought to harness a wider array of devices for malicious activities.

Q3 continued the trend of newly introduced attack vectors with the introduction of Simple Service Discovery Protocol (SSDP) reflection attacks — the third reflection attack vector introduced this year. This UDP-based reflection method allows the malicious actor to tap into a rich base of deployed devices with a simple spoofed request. SSDP is enabled on millions of Internet-connected devices such as routers, network cameras, smart TVs and many other devices including desktop computers and laptops. Millions of available SSDP-enabled devices could result in higher attack bandwidth numbers.
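A defender-side sketch of how the unsolicited replies described above show up in flow data, added here as an example and not taken from the Akamai report: it flags protected hosts that receive UDP traffic from source port 1900 from several distinct senders without having issued a discovery request shortly before. The flow records, the 5-second reply window and the reflector threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

SSDP_PORT = 1900     # UDP port used by SSDP
REPLY_WINDOW = 5.0   # assumption: seconds after a discovery request in which replies are solicited

# Constructed UDP flow records (not data from the report):
# (timestamp, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (0.0, "192.0.2.10", 50000, "239.255.255.250", 1900, 120),  # host's own multicast discovery
    (1.0, "192.0.2.20", 1900, "192.0.2.10", 50000, 320),       # reply inside the window
    (60.0, "198.51.100.7", 1900, "192.0.2.10", 50000, 300),    # single stray late reply
    (100.0, "198.51.100.1", 1900, "192.0.2.80", 80, 330),      # replies to a web server
    (100.1, "198.51.100.2", 1900, "192.0.2.80", 80, 310),      # that never asked for them
    (100.2, "203.0.113.5", 1900, "192.0.2.80", 80, 350),
    (100.3, "203.0.113.9", 1900, "192.0.2.80", 80, 340),
]


def find_ssdp_reflection(flows, protected, min_reflectors=3):
    """Return {host: {"reflectors": n, "bytes": total}} for protected hosts
    receiving unsolicited SSDP replies from at least min_reflectors senders."""
    last_search = {}  # protected host -> time of its latest request to UDP/1900
    hits = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if src in protected and dport == SSDP_PORT:
            # Discovery goes to multicast, replies come back unicast from any
            # device, so track the request time per host, not per peer.
            last_search[src] = ts
        elif dst in protected and sport == SSDP_PORT:
            asked = last_search.get(dst)
            if asked is not None and ts - asked <= REPLY_WINDOW:
                continue  # reply to the host's own recent discovery
            hits[dst]["sources"].add(src)
            hits[dst]["bytes"] += size
    return {
        host: {"reflectors": len(h["sources"]), "bytes": h["bytes"]}
        for host, h in hits.items()
        if len(h["sources"]) >= min_reflectors
    }


if __name__ == "__main__":
    print(find_ssdp_reflection(FLOWS, {"192.0.2.10", "192.0.2.80"}))
```

Hosts that have no reason to perform SSDP discovery, such as Internet-facing servers, can skip the window logic entirely and treat any inbound traffic from UDP source port 1900 as suspect.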

The five industries most frequently targeted by DDoS attacks in Q3 were gaming, media and entertainment, software and technology, financial services, and Internet and telecom. The online entertainment industry took the brunt of attacks, accounting for 34 percent of DDoS attacks, a slight decrease from last quarter. The media industry came in second, targeted by 24 percent of attacks. The software and technology industry was hit with 20 percent of attacks, the financial services industry with 9 percent, and the Internet and telecom vertical was targeted 9 percent of the time.

The U.S. was the main source of DDoS attacks in Q3, accounting for 24 percent of all attacks. Countries with emerging and expanding infrastructures were next, including China with 20 percent, Brazil with 18 percent and Mexico with 14 percent. Korea came in fifth with 6 percent, followed by Germany with 6 percent and Japan with 4 percent.

Together, Brazil, Russia, India and China accounted for 43 percent of DDoS traffic. Countries located in Asia accounted for more than a third of the global DDoS attack traffic with 36 percent, which can be attributed to a surge in DDoS-related malware such as IptabLes and IptabLex.

Get the full Q3 2014 State of the Internet – Security Report with all the details

Each quarter Akamai produces an Internet security report. Download the Q3 2014 State of the Internet – Security Report for:

• Analysis of DDoS attack trends
• Bandwidth (Gbps) and volume (Mpps) statistics
• Year-over-year and quarter-by-quarter analysis
• Application layer attacks
• Infrastructure attacks
• Attack frequency, size and sources
• Where and when DDoSers strike
• How and why attackers are building DDoS botnets from devices other than PCs and servers
• Details of a record-breaking 321 Gbps DDoS attack
• Syrian Electronic Army (SEA) phishing attacks target third-party content providers

The more you know about cybersecurity, the better you can protect your network against cybercrime. Download the free Q3 2014 State of the Internet – Security Report at http://www.stateoftheinternet.com/security-reports today.

About stateoftheinternet.com

StateoftheInternet.com, brought to you by Akamai, serves as the home for content and information intended to provide an informed view into online connectivity and cybersecurity trends as well as related metrics, including Internet connection speeds, broadband adoption, mobile usage, outages, and cyber-attacks and threats. Visitors to www.stateoftheinternet.com can find current and archived versions of Akamai’s State of the Internet (Connectivity and Security) reports, the company’s data visualizations, and other resources designed to help put context around the ever-changing Internet landscape.