Newly released data shows that distributed denial of service (DDoS) and web application attacks are on the rise once again, according to the Second Quarter, 2017 State of the Internet / Security Report released by Akamai Technologies, Inc. (NASDAQ: AKAM). Contributing to this rise was the PBot DDoS malware, which re-emerged as the foundation for the strongest DDoS attacks seen by Akamai this quarter.

 

In the case of PBot, malicious actors used decades-old PHP code to generate the largest DDoS attack observed by Akamai in the second quarter. Attackers were able to create a mini-DDoS botnet capable of launching a 75 gigabit per second (Gbps) DDoS attack. Interestingly, the PBot botnet comprised a relatively small 400 nodes, yet was still able to generate a significant level of attack traffic.

 

Another entry on the “everything old is new again” list is represented by the Akamai Enterprise Threat Research Team’s analysis of the use of Domain Generation Algorithms (DGA) in malware Command and Control (C2) infrastructure. Although first introduced with the Conficker worm in 2008, DGA has remained a frequently used communication technique for today’s malware. The team found that infected networks generated approximately 15 times the DNS lookup rate of a clean network. This can be explained as the outcome of access to randomly generated domains by the malware on the infected networks. Since most of the generated domains were not registered, trying to access all of them created a lot of noise. Analyzing the difference between behavioral characteristics of infected versus clean networks is one important way of identifying malware activity.
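The infected-versus-clean comparison described above can be sketched as a check over DNS resolver logs. This is an added example, not code from the Akamai report: the log tuple layout, the network names, the use of the fleet median as the "clean" baseline and both thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (network, minute, qname, rcode). Not real traffic.
def build_sample():
    rows = []
    for minute in range(10):
        for net in ("net-a", "net-b", "net-c"):
            for i in range(20):                      # ordinary lookups that resolve
                rows.append((net, minute, f"www{i}.example.com", "NOERROR"))
        for i in range(280):                         # net-c also emits failed lookups
            rows.append(("net-c", minute, f"q{minute:02d}{i:03d}.example.net", "NXDOMAIN"))
    return rows

def profile(rows):
    """Per-network lookups per minute, NXDOMAIN share, and unique-name share."""
    total, nx, names, minutes = (defaultdict(int), defaultdict(int),
                                 defaultdict(set), defaultdict(set))
    for net, minute, qname, rcode in rows:
        total[net] += 1
        nx[net] += rcode == "NXDOMAIN"
        names[net].add(qname.lower())
        minutes[net].add(minute)
    return {net: {"rate": total[net] / len(minutes[net]),
                  "nx_share": nx[net] / total[net],
                  "unique_share": len(names[net]) / total[net]}
            for net in total}

def flag_infected(rows, rate_multiple=10.0, nx_floor=0.5):
    """Flag networks whose rate is far above the fleet median AND mostly NXDOMAIN.

    rate_multiple and nx_floor are assumed thresholds, to be tuned locally.
    """
    stats = profile(rows)
    baseline = median(s["rate"] for s in stats.values())
    return {net: round(s["rate"] / baseline, 1)
            for net, s in stats.items()
            if s["rate"] >= rate_multiple * baseline and s["nx_share"] >= nx_floor}

if __name__ == "__main__":
    for net, ratio in flag_infected(build_sample()).items():
        print(f"{net}: {ratio}x median lookup rate, mostly NXDOMAIN")
```

Requiring both a rate spike and a high NXDOMAIN share keeps a merely busy network from being flagged; the median baseline only holds while most monitored networks are clean.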

 

When the Mirai botnet was discovered last September, Akamai was one of its first targets. The company’s platform continued to receive and successfully defended against attacks from the Mirai botnet thereafter. Akamai researchers have used the company’s unique visibility into Mirai to study different aspects of the botnet, most specifically in the second quarter, its C2 infrastructure. Akamai research offers a strong indication that Mirai, like many other botnets, is now contributing to the commoditization of DDoS. While many of the botnet’s C2 nodes were observed conducting “dedicated attacks” against select IPs, even more were noted as participating in what would be considered “pay-for-play” attacks. In these situations, Mirai C2 nodes were observed attacking IPs for a short duration, going inactive and then re-emerging to attack different targets.

 

“Attackers are constantly probing for weaknesses in the defenses of enterprises, and the more common, the more effective a vulnerability is, the more energy and resources hackers will devote to it,” said Martin McKeay, Akamai senior security advocate. “Events like the Mirai botnet, the exploitation used by WannaCry and Petya, the continued rise of SQLi attacks and the re-emergence of PBot all illustrate how attackers will not only migrate to new tools but also return to old tools that have previously proven highly effective.”

 

By the Numbers:

 

Other key findings from the report include:

● The number of DDoS attacks in Q2 increased by 28 percent quarter over quarter following three quarters of decline.

● DDoS attackers are more persistent than ever, attacking targets an average of 32 times over the quarter. One gaming company was attacked 558 times or approximately six times a day on average.

● Egypt was the origin of the greatest number of unique IP addresses used in frequent DDoS attacks with 32 percent of the global total. Last quarter, the United States held that spot and Egypt was not among the top five.

● Fewer devices were used to launch DDoS attacks this quarter. The number of IP addresses involved in volumetric DDoS attacks dropped 98 percent from 595,000 to 11,000.

● The incidence of Web application attacks increased five percent quarter-over-quarter and 28 percent year-over-year.

● SQLi attacks were used in more than half (51 percent) of web application attacks this quarter, up from 44 percent last quarter, generating nearly 185 million alerts in the second quarter alone.

 

A complimentary copy of the Q2 2017 State of the Internet / Security Report is available for download at https://akamai.me/2i9vrdz. Download individual charts and graphs, including associated at https://akamai.me/2w6mI1v.

 

Methodology

 

The Akamai Second Quarter, 2017 State of the Internet / Security Report combines attack data from across Akamai’s global infrastructure and represents the research of a diverse set of teams throughout the company. The report provides analysis of the current cloud security and threat landscape, as well as insight into attack trends using data gathered from the Akamai Intelligent Platform. The contributors to the State of the Internet / Security Report include security professionals from across Akamai, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.

