Kuala Lumpur – May 21, 2015 – Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today announced the availability of the Q1 2015 State of the Internet – Security Report. This quarter’s report, which provides analysis and insight into the global cloud security threat landscape, can be downloaded at www.stateoftheinternet.com/security-report.
“In the Q1 2015 report, we’ve analyzed thousands of distributed denial of service (DDoS) attacks observed across the PLXrouted network as well as nearly millions of web application attack triggers across the Akamai Edge network. By bringing in the web application attack data, along with in-depth reports from all of our security research teams, we’re able to provide a more holistic view of the Internet and the attacks that occur on a daily basis,” said John Summers, vice president, Cloud Security Business Unit, Akamai. “This is our biggest and best security report yet. This report provides an in-depth look at DDoS attacks, and sets a baseline for web application attack triggers, so we will be able to report on attack trends for both the network and application layers in our future reports.”
DDoS attack activity soars
Q1 2015 set a record for the number of DDoS attacks observed across the PLXrouted network – more than double the number recorded in Q1 2014 – and a jump of more than 35 percent compared to last quarter. However, the attack profile has changed. Last year, high-bandwidth, short-duration attacks were the norm. But in Q1 2015, the typical DDoS attack was less than 10 gigabits per second (Gbps) and lasted for more than 24 hours. There were eight mega-attacks in Q1, each exceeding 100 Gbps. While that was one fewer mega-attack than in Q4 2014, such large attacks were rarely seen a year ago. The largest DDoS attack observed in Q1 2015 peaked at 170 Gbps.
During the past year, DDoS attack vectors have also shifted. This quarter, Simple Service Discovery Protocol (SSDP) attacks accounted for more than 20 percent of the attack vectors, while SSDP attacks were not observed at all in Q1 or Q2 2014. SSDP comes enabled by default on millions of home and office devices—including routers, media servers, web cams, smart TVs and printers—to allow them to discover each other on a network, establish communication and coordinate activities. If left unsecured and/or misconfigured, these home-based, Internet-connected devices can be harnessed for use as reflectors.
During Q1 2015, the gaming sector was once again hit with more DDoS attacks than any other industry. Gaming has remained the most targeted industry since Q2 2014, consistently being targeted in 35 percent of DDoS attacks. The software and technology sector was the second most targeted industry in Q1 2015, with 25 percent of the attacks.
Compared to Q1 2014
- 116.5 percent increase in total DDoS attacks
- 59.83 percent increase in application layer (Layer 7) DDoS attacks
- 124.69 percent increase in infrastructure layer (Layer 3 & 4) DDoS attacks
- 42.8 percent increase in the average attack duration: 24.82 vs. 17.38 hours
Compared to Q4 2014
- 35.24 percent increase in total DDoS attacks
- 22.22 percent increase in application layer (Layer 7) DDoS attacks
- 36.74 percent increase in infrastructure layer (Layer 3 & 4) DDoS attacks
- 15.37 percent decrease in average attack duration: 24.82 vs. 29.33 hours
A look at seven common web application attack vectors
For the Q1 2015 report, Akamai concentrated its analysis on seven common web application attack vectors, which accounted for 178.85 million web application attacks observed on the Akamai Edge network. These vectors included SQL injection (SQLi), local file inclusion (LFI), remote file inclusion (RFI), PHP injection (PHPi), command injection (CMDi), OGNL Java injection (JAVAi) and malicious file upload (MFU).
During Q1 2015, more than 66 percent of the web application attacks were attributed to LFI attacks. This was fueled by a massive campaign against two large retailers in March, targeting the WordPress RevSlider plugin.
SQLi attacks were also quite common, making up more than 29 percent of web application attacks. A substantial portion of the SQLi attacks was related to attack campaigns against two companies in the travel and hospitality industry. The other five attack vectors collectively made up the remaining five percent of attacks.
Accordingly, the retail sector was the hardest hit by web application attacks, followed by the media and entertainment and hotel and travel sectors.
The growing threat of booter/stresser sites
The menu of easy-to-use attack vectors found in the DDoS-for-hire market can make it easy to dismiss the effectiveness of attackers who use them. A year ago, peak attack traffic using these tactics from booter/stresser sites typically measured 10-20 Gbps. Now these attack sites have become more dangerous, capable of launching attacks in excess of 100 Gbps. With new reflection attack methods being added continually, such as SSDP, the potential damage from these is expected to continue increasing over time.
IPv6 adoption brings new security risks
IPv6 DDoS is not yet a common occurrence, but there are indications that malicious actors have started testing and researching IPv6 DDoS attack methods. A new set of risks and challenges associated with the transition to IPv6 is already affecting cloud providers as well as home and corporate network owners. Many IPv4 DDoS attacks can be replicated using IPv6 protocols, while some new attack vectors are directly related to the IPv6 architecture. Many of the features of IPv6 could enable attackers to bypass IPv4-based protections, creating a larger and possibly more effective DDoS attack surface. The Q1 security report outlines some of the risks and challenges that are ahead of us.
SQL injection attacks move beyond data theft
While SQL injection attacks have been documented since 1998, their uses have grown. The effects of these malicious queries can extend well beyond simple data exfiltration, potentially causing more damage than a data breach would have. These attacks can be used to elevate privileges, execute commands, infect or corrupt data, deny service, and more. Akamai researchers analyzed more than 8 million SQL injection attacks from Q1 2015 to uncover the most frequent methods and goals.
Website defacements and domain hijacking
Hundreds of web hosting companies provide web hosting for as little as a few dollars a month. In those cases, the hosting company may host multiple accounts on the same server. This can result in hundreds of domains and sites running under the same server IP address, potentially allowing malicious actors to hijack multiple web sites at once. Once one site has been compromised, a malicious actor may be able to traverse the server’s directories and read username and password lists in order to access files from other customer accounts. This could include web site database credentials. With this information, attackers could gain the ability to change files on every site on the server. The Q1 security report includes an explanation of the vulnerability and recommended defensive measures.
Download the report
A complimentary copy of the Q1 2015 State of the Internet – Security Report is available as a free PDF download at www.stateoftheinternet.com/security-report
Akamai Introduces Two New Managed Security Service Offerings to Kona Family of Cloud Security Solutions
Kuala Lumpur, 16 April 2015 – Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today introduced two new managed security service offerings available as part of the Company’s Cloud Security Solutions. Managed Kona Site Defender and Kona DDoS Defender are designed to provide customers with both proven security technology and world‑class security expertise to protect their websites and web applications from malicious activity, keeping them online and providing high performance, even in the midst of an attack.
For many enterprises, protecting against the wide-ranging and constantly evolving security threats targeting web applications and websites requires more than just technology. Dedicated and specialised security expertise, able to identify and respond to the latest threats while maintaining availability and protecting sensitive data, is just as important. Faced with competing business objectives and limited IT budgets, many IT organisations simply do not have the time, resources, or expert staff necessary to provide the best possible security for their websites and web applications.
For such organisations, Akamai is now making available two new offerings – Managed Kona Site Defender and Kona DDoS Defender. These newly introduced services are designed to provide customers with 24×7 monitoring and attack support through Akamai’s globally distributed Security Operations Center (SOC), staffed by more than 100 security experts at five locations worldwide. The Akamai global SOC teams, which average more than 10 years of collective web security experience and have earned crucial certifications such as CISSP, CISA, GPEN, GSEC, CEH, GIAC, GWAPT, and MSIS, help protect online brands from the web’s most insidious attacks every day.
Backed by Akamai’s threat research teams and Akamai Cloud Security Intelligence, the Akamai SOC provides a collective security model that can help organisations effectively respond to even the newest threats on the web. Akamai’s managed security services are designed to decrease response time and increase mitigation quality for all customers by institutionalising mitigation techniques and lessons learned beginning with the first time a single customer is attacked.
Akamai’s new managed security services include:
- Managed Kona Site Defender: An integrated web security service designed to augment an enterprise’s existing Kona Site Defender deployments with Akamai’s 24×7 SOC, resulting in more hands-on protection against the latest DDoS and web application attacks. Managed Kona Site Defender offers emergency incident response with 24×7 monitoring and attack support as well as ongoing management of customers’ security configurations and WAF tuning, regular threat update reviews and security drill facilitation.
- Kona DDoS Defender: A managed DDoS protection service that combines the advanced DDoS mitigation technologies of the Kona product family with Akamai’s 24×7 SOC. Kona DDoS Defender provides automated protection for websites and web applications against today’s most common DDoS attacks as well as custom analysis and mitigation of the latest and most sophisticated attacks.
“Web attacks are increasing in frequency, scale and complexity, and a successful attack can result in denial of service, the theft of user data, or significant financial loss, all of which can create serious implications for the business,” stated John Summers, vice president, Cloud Security, Akamai. “To build robust, long-term security strategies, enterprises need to consider going beyond simply employing the right security technology. Access to experts who are able to keep up with the changing threat landscape and provide round the clock support to identify and thwart potential attacks is a critical element to that successful security strategy.”