Akamai Releases Findings of Increased Attacks and More Aggressive Tactics from DD4BC Extortionist Group
Kuala Lumpur – September 10, 2015 – Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, published today, through the company’s Prolexic Security Engineering & Research Team (PLXsert), a new cybersecurity case study. Akamai shared details of an increase in distributed denial of service (DDoS) attacks from the Bitcoin extortionist group DD4BC, based on PLXsert’s observation of attack traffic targeted at customers from September 2014 through August 2015. Since April 2015, the team identified 114 DD4BC attacks, including more aggressive measures that target brand reputation through social media. The full report is available for download here: www.stateoftheinternet.com/dd4bc-case.
“DD4BC has been using the threat of DDoS attacks to secure Bitcoin payments from its victims for protection against future attacks,” said Stuart Scholly, Senior Vice President & General Manager, Security Division at Akamai. “The latest attacks – focused primarily on the financial service industry – involved new strategies and tactics intended to harass, extort and ultimately embarrass the victim publicly.”
What is the DD4BC Group, and How Does it Operate?
The DD4BC group has been responsible for a large number of Bitcoin extortion campaigns dating back to 2014. In the past year, the group expanded its extortion and DDoS campaigns to target a wider array of business sectors – including financial services, media and entertainment, online gaming and retailers. The group has used e-mail to inform its target that a low-level DDoS attack will be launched against the victim’s website. From June through July 2015, the attacks increased from low-level to more than 20 Gbps in some cases. The group would then demand a Bitcoin ransom to protect the company from a larger DDoS attack designed to make its website inaccessible.
PLXsert released a history of the group’s activities that can be found in Akamai’s Security Bulletin: DD4BC Operation Profile, published in April 2015.
DD4BC Using Social Media to Exploit Organizations
According to research from PLXsert, DD4BC recently threatened to expose targeted organizations via social media, adding to the damage caused by the DDoS attack itself. The goal apparently is to garner more attention for the group’s ability to create service disruptions by publicly embarrassing the target and tarnishing the company’s reputation through these wide-reaching channels.
The group’s methodology typically includes use of multi-vector DDoS attack campaigns, revisiting former targets and also incorporating Layer 7 DDoS in multi-vector attacks, specifically concentrating on the WordPress pingback vulnerability. This vulnerability is exploited to repeatedly send reflected GET requests to the target to overload the website. Akamai researchers have seen this attack method incorporated into DDoS booter suite frameworks.
Since September 2014, the Akamai PLXsert has observed a total of 141 confirmed DD4BC attacks against Akamai customers. Of those attacks, the average bandwidth was 13.34 Gbps, with the largest DDoS attack reported at 56.2 Gbps.
To help protect against extortionist group DD4BC, and subsequent DDoS attacks, Akamai recommends the following defensive measures:
- Deploy anomaly- and signature-based DDoS detection methods to identify attacks before a website becomes unavailable to users.
- Distribute resources to increase resiliency and avoid single points of failure due to an attack.
- Implement Layer 7 DDoS mitigation appliances on the network in strategic locations to reduce the threat for critical application servers.
Akamai and PLXsert will continue to monitor ongoing threats, campaigns and methodologies used by DD4BC. To learn more about the group and its specific threats and mitigation techniques, please download a complimentary copy of the threat advisory at www.stateoftheinternet.com.
Kuala Lumpur, Malaysia (June 25, 2015) – Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today released its First Quarter, 2015 State of the Internet Report. Based on data gathered from the Akamai Intelligent Platform™, the report provides insight into key global statistics such as connection speeds, broadband adoption across fixed and mobile networks, and IPv4 exhaustion and IPv6 implementation.
Beginning this quarter, security-related content that was previously included in the State of the Internet Report, including data on attack traffic seen across the Akamai platform and insights into high-profile security vulnerabilities and attacks, is now published in a separate State of the Internet / Security Report.
Data and graphics from the First Quarter, 2015 State of the Internet Report can be found on the Akamai State of the Internet site and through the Akamai State of the Internet app for iOS and Android devices. State of the Internet Report-related discussions are also taking place on the Akamai Community.
“We saw generally positive results across all of the key metrics during the first quarter of 2015,” said David Belson, editor of the report. “The increase in global broadband speeds demonstrates an ongoing commitment to higher standards. While connectivity will continue to differ across many regions, we see the highest broadband speeds in countries/regions with high population densities and strong government backing or support, as well as those that foster competition among Internet providers.”
Highlights from Akamai’s First Quarter, 2015 State of the Internet Report:
Global Average Connection Speeds and Global Broadband Connectivity
In the first quarter of 2015, the global average connection speed for the first time reached 5 Mbps, a 10% increase over the previous quarter. Quarterly global average connection speeds among the top 10 countries all remained well above 10 Mbps, and six of the 10 had average speeds above 15 Mbps, as Ireland (17.4 Mbps), Sweden (15.8 Mbps) and the Netherlands (15.3 Mbps) joined South Korea (23.6 Mbps), Hong Kong (16.7 Mbps) and Japan (15.2 Mbps) in exceeding this benchmark in the first quarter. Globally, a total of 131 qualifying countries/regions saw average connection speeds increase in the first quarter, with growth rates ranging from 128% in Fiji (6.2 Mbps) to a modest 0.4% in Japan (15.2 Mbps). Year-over-year changes were consistently positive among the top 10, with Ireland (17.4 Mbps), Norway (14.1 Mbps) and Sweden (15.8 Mbps) all posting yearly increases of more than 30%.
In the first quarter, global average peak connection speeds increased 8.2% to 29.1 Mbps. Speeds increased across the board among countries/regions in the top 10, led by Kuwait (76.5 Mbps) and Mongolia (68.9 Mbps) with impressive gains of 126% and 72%, respectively. Singapore (98.5 Mbps) rose 17% to overtake Hong Kong as the country/region with the highest average peak connection speed. All of the top 10 countries/regions saw average peak speeds greater than 65 Mbps. On a global basis, 124 out of 144 qualifying countries/regions experienced average peak connection speed increases from the fourth quarter, with growth ranging from 0.2% in Puerto Rico (41.2 Mbps) to 126% in Kuwait (76.5 Mbps). Average peak connection speeds in 136 countries/regions increased from the first quarter of 2014.
For the first time, the State of the Internet is reporting on the percentage of IP addresses connecting to Akamai at average speeds of above 25 Mbps, the new benchmark broadband speed adopted by the U.S. Federal Communications Commission in January 2015. Globally, 4.6% of unique IP addresses connected to Akamai at average connection speeds of at least 25 Mbps, a 12% increase over the previous quarter. Similar to the 10 Mbps and 15 Mbps metrics, South Korea led the world in 25 Mbps broadband adoption, with a 31% adoption rate. Its rate was nearly double that of second-place Hong Kong (17% adoption). Year-over-year, the global 25 Mbps adoption rate grew 20%, and all of the top 10 countries/regions posted gains except South Korea, which saw a 5.9% decline compared with the first quarter of 2014. In the United States, five states had 10% or more of unique IP addresses connect to Akamai at average speeds of at least 25 Mbps.
The global percentage of unique IP addresses connecting to Akamai that met the 4 Mbps broadband speed threshold increased 6.6% to 63%, revealing strength across the board in contrast to the previous quarter’s slight decline in this metric. Globally, 107 countries/regions qualified for inclusion for this metric, and 100 of them saw quarterly growth in 4 Mbps broadband adoption rates, up from 76 in the previous quarter. Year-over-year growth rates ranged from 0.1% in Jamaica (43% adoption) to 1,402% in Algeria (3.3% adoption).
In the first quarter of 2015, 26% of unique IP addresses globally connected to Akamai at average speeds above 10 Mbps, an 11% quarterly increase that is significantly greater than the previous quarter’s modest 2.9% gain. Seven of the top 10 countries/regions saw quarter-over-quarter increases, ranging from 3.9% in Switzerland (59% adoption) to 21% in Bulgaria (55% adoption). Among the 68 qualifying countries/regions, 60 saw quarter-over-quarter increases. In terms of year-over-year changes, there was a 27% increase globally in the percentage of unique IP addresses connecting to Akamai at average speeds above 10 Mbps.
Fourteen percent of unique IP addresses globally connected to Akamai at average connection speeds of 15 Mbps or above, up from 12% in the fourth quarter. Despite declining for the second quarter in a row, South Korea remained the clear leader in 15 Mbps broadband adoption with a 58% adoption rate after a 4.9% quarterly decrease. Overall, quarterly gains were seen in 46 qualifying regions/countries, compared with only 35 in the previous quarter. Year-over-year, the global 15 Mbps adoption rate grew 29% with strong gains among all of the top 10, except in South Korea, which had a 4.2% decline compared with the first quarter of 2014.
IPv4 and IPv6
Continuing with the trend seen in the fourth quarter of 2014, the number of unique IPv4 addresses worldwide connecting to Akamai grew by nearly 10 million in the first quarter. Among the top 10 countries in the first quarter, the United Kingdom and Japan showed the largest quarterly gains at 5.7% and 5.1%, respectively. Brazil saw the largest year-over-year increase at 17%. Six other countries on the list saw yearly increases, ranging from Japan’s 11% to Russia’s 2.5%. On a global basis, two-thirds of countries/regions around the world had higher unique IPv4 address counts year-over-year.
European countries continued to dominate the 10 countries/regions with the largest percentage of content requests made to Akamai over IPv6 in the first quarter of 2015. Similar to last quarter, Belgium maintained its clear lead, with one-third of content requests being made over IPv6, more than double the percentage of second-place Germany. As with the previous quarter, the only two non-European countries among the top 10 were the U.S. and Peru, both of which saw double-digit quarterly improvements and ended the quarter with 14% and 13% adoption rates, respectively. Verizon Wireless and Brutele saw more than half of their requests to Akamai made over IPv6, and both showed increases from the previous quarter.
In the First Quarter, 2015 State of the Internet Report, 62 countries/regions qualified for inclusion in the mobile section. The United Kingdom had the fastest average connection speed at 20.4 Mbps, a 28% increase from the previous quarter. Denmark was again in second place, at 10 Mbps. Vietnam had the lowest average connection speed, at 1.3 Mbps.
Average peak mobile connection speeds again spanned an extremely broad range in the first quarter, from 149.3 Mbps in Australia down to 8.2 Mbps in Indonesia. A total of four countries – Australia (149.3 Mbps), Japan (126 Mbps), Singapore (116.4 Mbps) and Thailand (105.4 Mbps) – posted average peak speeds above 100 Mbps, up from two countries in the fourth quarter. Perhaps due in part to rollouts of higher speed mobile technologies like LTE-A, the successor of 4G LTE, a total of 15 countries had average peak speeds above 50 Mbps, a large increase from just four in the previous quarter.
Denmark led the way in the percentage of unique IP addresses connecting to Akamai from mobile network providers within the qualifying countries/regions at average speeds of over 4 Mbps with a 98% adoption rate. It was followed closely by Sweden (97% adoption), Venezuela (97% adoption), Australia (96% adoption) and the United Kingdom (95% adoption). Vietnam, Iran, Kazakhstan, and Bolivia all had rates below 1%.
State of the Internet Report Editor David Belson will respond to “Ask the Expert” questions submitted via the Akamai Community Wednesday, June 24, through Friday, June 26.
About the Akamai State of the Internet Report
Each quarter, Akamai publishes a “State of the Internet” report. This report includes data gathered from across the Akamai Intelligent Platform about attack traffic, broadband adoption, mobile connectivity and other relevant topics concerning the Internet and its usage, as well as trends seen in this data over time. For additional information on the metrics in the report and how they are analyzed, please visit http://akamai.me/sotimetrics. To learn more and to access the archive of past reports, please visit http://www.stateoftheinternet.com/soti-reports. To download the figures from the First Quarter, 2015 State of the Internet Report, please visit: http://wwwns.akamai.com/soti/soti_q115_figures.zip.