BANGALORE: The number of DDoS attacks more than doubled when compared to the same quarter of 2014 and jumped 35% in the first quarter of 2015 over the last quarter, a Akamai Security report said.
However, the attack profile has changed. Last year, high bandwidth and short duration attacks were the norm, but in Q1 2015, the typical DDoS attack was less than 10 gigabits per second (Gbps) and endured for more than 24 hours.
There were eight mega-attacks in Q1, each exceeding 100 Gbps. While that was one fewer mega-attack than in Q4 2014, such large attacks were rarely seen a year ago. The largest DDoS attack observed in Q1 2015 peaked at 170 Gbps, the report said.
“In the Q1 2015 report, we’ve analyzed thousands of distributed denial of service (DDoS) attacks observed across the PLX routed network as well as nearly millions of web application attack triggers across the Akamai Edge network.
By bringing in the web application attack data, along with in-depth reports from all of our security research teams, we’re able to provide a more holistic view of the Internet and the attacks that occur on a daily basis,” said John Summers, vice president, Cloud Security Business Unit, Akamai.
During the past year, DDoS attack vectors have also shifted. This quarter, Simple Service Discovery Protocol (SSDP) attacks accounted for more than 20 percent of the attack vectors, while SSDP attacks were not observed at all in Q1 or Q2 2014, the Akamai Technologies’ Q1 2015 State of the Internet – Security Report added.
SSDP comes enabled by default on millions of home and office devices—including routers, media servers, web cams, smart TVs and printers—to allow them to discover each other on a network, establish communication and coordinate activities. If left unsecured and/or misconfigured, these home-based, Internet-connected devices can be harnessed for use as reflectors.
During Q1 2015, the gaming sector was once again hit with more DDoS attacks than any other industry. Gaming has remained the most targeted industry since Q2 2014, consistently being targeted in 35 percent of DDoS attacks. The software and technology sector was the second most targeted industry in Q1 2015, with 25 percent of the attacks.