Akamai Releases First Quarter 2015 ‘State of the Internet’ Report

Kuala Lumpur, Malaysia (June 25, 2015) – Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today released its First Quarter, 2015 State of the Internet Report. Based on data gathered from the Akamai Intelligent Platform™, the report provides insight into key global statistics such as connection speeds, broadband adoption across fixed and mobile networks, and IPv4 exhaustion and IPv6 implementation.

Beginning this quarter, security-related content that was previously included in the State of the Internet Report, including data on attack traffic seen across the Akamai platform and insights into high-profile security vulnerabilities and attacks, is now published in a separate State of the Internet / Security Report.

Data and graphics from the First Quarter, 2015 State of the Internet Report can be found on the Akamai State of the Internet site and through the Akamai State of the Internet app for iOS and Android devices. State of the Internet Report-related discussions are also taking place on the Akamai Community.

“We saw generally positive results across all of the key metrics during the first quarter of 2015,” said David Belson, editor of the report. “The increase in global broadband speeds demonstrates an ongoing commitment to higher standards. While connectivity will continue to differ across many regions, we see the highest broadband speeds in countries/regions with high population densities and strong government backing or support, as well as those that foster competition among Internet providers.”

Highlights from Akamai’s First Quarter, 2015 State of the Internet Report:

Global Average Connection Speeds and Global Broadband Connectivity

In the first quarter of 2015, the global average connection speed for the first time reached 5 Mbps, a 10% increase over the previous quarter. Quarterly global average connection speeds among the top 10 countries all remained well above 10 Mbps, and six of the 10 had average speeds above 15 Mbps, as Ireland (17.4 Mbps), Sweden (15.8 Mbps) and the Netherlands (15.3 Mbps) joined South Korea (23.6 Mbps), Hong Kong (16.7 Mbps) and Japan (15.2 Mbps) in exceeding this benchmark in the first quarter. Globally, a total of 131 qualifying countries/regions saw average connection speeds increase in the first quarter, with growth rates ranging from 128% in Fiji (6.2 Mbps) to a modest 0.4% in Japan (15.2 Mbps). Year-over-year changes were consistently positive among the top 10, with Ireland (17.4 Mbps), Norway (14.1 Mbps) and Sweden (15.8 Mbps) all posting yearly increases of more than 30%.

In the first quarter, global average peak connection speeds increased 8.2% to 29.1 Mbps. Speeds increased across the board among countries/regions in the top 10, led by Kuwait (76.5 Mbps) and Mongolia (68.9 Mbps) with impressive gains of 126% and 72%, respectively. Singapore (98.5 Mbps) rose 17% to overtake Hong Kong as the country/region with the highest average peak connection speed. All of the top 10 countries/regions saw average peak speeds greater than 65 Mbps. On a global basis, 124 out of 144 qualifying countries/regions experienced average peak connection speed increases from the fourth quarter, with growth ranging from 0.2% in Puerto Rico (41.2 Mbps) to 126% in Kuwait (76.5 Mbps). Average peak connection speeds in 136 countries/regions increased from the first quarter of 2014.

For the first time, the State of the Internet is reporting on the percentage of IP addresses connecting to Akamai at average speeds of above 25 Mbps, the new benchmark broadband speed adopted by the U.S. Federal Communications Commission in January 2015. Globally, 4.6% of unique IP addresses connected to Akamai at average connection speeds of at least 25 Mbps, a 12% increase over the previous quarter. Similar to the 10 Mbps and 15 Mbps metrics, South Korea led the world in 25 Mbps broadband adoption, with a 31% adoption rate. Its rate was nearly double that of second-place Hong Kong (17% adoption). Year-over-year, the global 25 Mbps adoption rate grew 20%, and all of the top 10 countries/regions posted gains except South Korea, which saw a 5.9% decline compared with the first quarter of 2014. In the United States, five states had 10% or more of unique IP addresses connect to Akamai at average speeds of at least 25 Mbps.

The global percentage of unique IP addresses connecting to Akamai that met the 4 Mbps broadband speed threshold increased 6.6% to 63%, revealing strength across the board in contrast to the previous quarter’s slight decline in this metric. Globally, 107 countries/regions qualified for inclusion for this metric, and 100 of them saw quarterly growth in 4 Mbps broadband adoption rates, up from 76 in the previous quarter. Year-over-year growth rates ranged from 0.1% in Jamaica (43% adoption) to 1,402% in Algeria (3.3% adoption).

In the first quarter of 2015, 26% of unique IP addresses globally connected to Akamai at average speeds above 10 Mbps, an 11% quarterly increase that is significantly greater than the previous quarter’s modest 2.9% gain. Seven of the top 10 countries/regions saw quarter-over-quarter increases, ranging from 3.9% in Switzerland (59% adoption) to 21% in Bulgaria (55% adoption). Among the 68 qualifying countries/regions, 60 saw quarter-over-quarter increases. In terms of year-over-year changes, there was a 27% increase globally in the percentage of unique IP addresses connecting to Akamai at average speeds above 10 Mbps.

Fourteen percent of unique IP addresses globally connected to Akamai at average connection speeds of 15 Mbps or above, up from 12% in the fourth quarter. Despite declining for the second quarter in a row, South Korea remained the clear leader in 15 Mbps broadband adoption with a 58% adoption rate after a 4.9% quarterly decrease. Overall, quarterly gains were seen in 46 qualifying regions/countries, compared with only 35 in the previous quarter. Year-over-year, the global 15 Mbps adoption rate grew 29% with strong gains among all of the top 10, except in South Korea, which had a 4.2% decline compared with the first quarter of 2014.

IPv4 and IPv6

Continuing with the trend seen in the fourth quarter of 2014, the number of unique IPv4 addresses worldwide connecting to Akamai grew by nearly 10 million in the first quarter. Among the top 10 countries in the first quarter, the United Kingdom and Japan showed the largest quarterly gains at 5.7% and 5.1%, respectively. Brazil saw the largest year-over-year increase at 17%. Six other countries on the list saw yearly increases, ranging from Japan’s 11% to Russia’s 2.5%. On a global basis, two-thirds of countries/regions around the world had higher unique IPv4 address counts year-over-year.

European countries continued to dominate the 10 countries/regions with the largest percentage of content requests made to Akamai over IPv6 in the first quarter of 2015. Similar to last quarter, Belgium maintained its clear lead, with one-third of content requests being made over IPv6, more than double the percentage of second-place Germany. As with the previous quarter, the only two non-European countries among the top 10 were the U.S. and Peru, both of which saw double-digit quarterly improvements and ended the quarter with 14% and 13% adoption rates, respectively. Verizon Wireless and Brutele saw more than half of their requests to Akamai made over IPv6, and both showed increases from the previous quarter.

Mobile Connectivity

In the First Quarter, 2015 State of the Internet Report, 62 countries/regions qualified for inclusion in the mobile section. The United Kingdom had the fastest average connection speed at 20.4 Mbps, a 28% increase from the previous quarter. Denmark was again in second place, at 10 Mbps. Vietnam had the lowest average connection speed, at 1.3 Mbps.

Average peak mobile connection speeds again spanned an extremely broad range in the first quarter, from 149.3 Mbps in Australia down to 8.2 Mbps in Indonesia. A total of four countries – Australia (149.3 Mbps), Japan (126 Mbps), Singapore (116.4 Mbps) and Thailand (105.4 Mbps) – posted average peak speeds above 100 Mbps, up from two countries in the fourth quarter. Perhaps due in part to rollouts of higher speed mobile technologies like LTE-A, the successor of 4G LTE, a total of 15 countries had average peak speeds above 50 Mbps, a large increase from just four in the previous quarter.

Denmark led the way in the percentage of unique IP addresses connecting to Akamai from mobile network providers within the qualifying countries/regions at average speeds of over 4 Mbps with a 98% adoption rate. It was followed closely by Sweden (97% adoption), Venezuela (97% adoption), Australia (96% adoption) and the United Kingdom (95% adoption). Vietnam, Iran, Kazakhstan, and Bolivia all had rates below 1%.

State of the Internet Report Editor David Belson will respond to “Ask the Expert” questions submitted via the Akamai Community Wednesday, June 24, through Friday, June 26.

About the Akamai State of the Internet Report

Each quarter, Akamai publishes a “State of the Internet” report. This report includes data gathered from across the Akamai Intelligent Platform about attack traffic, broadband adoption, mobile connectivity and other relevant topics concerning the Internet and its usage, as well as trends seen in this data over time. For additional information on the metrics in the report and how they are analyzed, please visit http://akamai.me/sotimetrics. To learn more and to access the archive of past reports, please visit http://www.stateoftheinternet.com/soti-reports. To download the figures from the First Quarter, 2015 State of the Internet Report, please visit: http://wwwns.akamai.com/soti/soti_q115_figures.zip. 

Akamai Releases Q1 2015 State of the Internet – Security Report

Kuala Lumpur – May 21, 2015 – Akamai Technologies, Inc. (NASDAQ: AKAM), the global leader in content delivery network (CDN) services, today announced the availability of the Q1 2015 State of the Internet – Security Report. This quarter’s report, which provides analysis and insight into the global cloud security threat landscape, can be downloaded at www.stateoftheinternet.com/security-report.

“In the Q1 2015 report, we’ve analyzed thousands of distributed denial of service (DDoS) attacks observed across the PLXrouted network as well as nearly millions of web application attack triggers across the Akamai Edge network. By bringing in the web application attack data, along with in-depth reports from all of our security research teams, we’re able to provide a more holistic view of the Internet and the attacks that occur on a daily basis,” said John Summers, vice president, Cloud Security Business Unit, Akamai. “This is our biggest and best security report yet. This report provides an in-depth look at DDoS attacks, and sets a baseline for web application attack triggers, so we will be able to report on attack trends for both the network and application layers in our future reports.”

DDoS attack activity soars

Q1 2015 set a record for the number of DDoS attacks observed across the PLXrouted network – more than double the number recorded in Q1 2014 – and a jump of more than 35 percent compared to last quarter. However, the attack profile has changed. Last year, high bandwidth and short duration attacks were the norm. But in Q1 2015, the typical DDoS attack was less than 10 gigabits per second (Gbps) and endured for more than 24 hours. There were eight mega-attacks in Q1, each exceeding 100 Gbps. While that was one fewer mega-attack than in Q4 2014, such large attacks were rarely seen a year ago. The largest DDoS attack observed in Q1 2015 peaked at 170 Gbps.

During the past year, DDoS attack vectors have also shifted. This quarter, Simple Service Discovery Protocol (SSDP) attacks accounted for more than 20 percent of the attack vectors, while SSDP attacks were not observed at all in Q1 or Q2 2014. SSDP comes enabled by default on millions of home and office devices—including routers, media servers, web cams, smart TVs and printers—to allow them to discover each other on a network, establish communication and coordinate activities. If left unsecured and/or misconfigured, these home-based, Internet-connected devices can be harnessed for use as reflectors.

During Q1 2015, the gaming sector was once again hit with more DDoS attacks than any other industry. Gaming has remained the most targeted industry since Q2 2014, consistently being targeted in 35 percent of DDoS attacks. The software and technology sector was the second most targeted industry in Q1 2015, with 25 percent of the attacks.

Compared to Q1 2014

  • 116.5 percent increase in total DDoS attacks
  • 59.83 percent increase in application layer (Layer 7) DDoS attacks
  • 124.69 percent increase in infrastructure layer (Layer 3 & 4) DDoS attacks
  • 42.8 percent increase in the average attack duration: 24.82 vs. 17.38 hours

Compared to Q4 2014

  • 35.24 percent increase in total DDoS attacks
  • 22.22 percent increase in application layer (Layer 7) DDoS attacks
  • 36.74 percent increase in infrastructure layer (Layer 3 & 4) DDoS attacks
  • 15.37 percent decrease in average attack Duration: 24.82 vs. 29.33 hours

A look at seven common web application attack vectors

For the Q1 2015 report, Akamai concentrated its analysis on seven common web application attack vectors, which accounted for 178.85 million web application attacks observed on the Akamai Edge network. These vectors included SQL injection (SQLi), local file inclusion (LFI), remote file inclusion (RFI), PHP injection (PHPi), command injection (CMDi), OGNL Java injection (JAVAi) and malicious file upload (MFU).1

During Q1 2015, more than 66 percent of the web application attacks were attributed to LFI attacks. This was fueled by a massive campaign against two large retailers in March, targeting the WordPress RevSlider plugin.

SQLi attacks were also quite common, making up more than 29 percent of web application attacks. A substantial portion of the SQLi attacks was related to attack campaigns against two companies in the travel and hospitality industry. The other five attack vectors collectively made up the remaining five percent of attacks.

Accordingly, the retail sector was the hardest hit by web application attacks, followed by the media and entertainment and hotel and travel sectors.

The growing threat of booter/stresser sites

The menu of easy-to-use attack vectors found in the DDoS-for-hire market can make it easy to dismiss the effectiveness of attackers who use them. A year ago, peak attack traffic using these tactics from booter/stresser sites typically measured 10-20 Gbps per second. Now these attack sites have become more dangerous, capable of launching attacks in excess of 100 Gbps. With new reflection attack methods being added continually, such as SSDP, the potential damage from these is expected to continue increasing over time.

IPv6 adoption brings new security risks

IPv6 DDoS is not yet a common occurrence, but there are indications that malicious actors have started testing and researching IPv6 DDoS attack methods. A new set of risks and challenges associated with the transition to IPv6 are already affecting cloud providers as well as home and corporate network owners. Many IPv4 DDoS attacks can be replicated using IPv6 protocols, while some new attack vectors are directly related to the IPv6 architecture. Many of the features of IPv6 could enable attackers to bypass IPv4-based protections, creating a larger and possibly more effective DDoS attack surface. The Q1 security report outlines some of the risks and challenges that are ahead of us.

SQL injection attacks move beyond data theft

While SQL injection attacks have been documented since 1998, their uses have grown. The effects of these malicious queries can extend well beyond simple data exfiltration, potentially causing more damage than a data breach would have. These attacks can be used to elevate privileges, execute commands, infect or corrupt data, deny service, and more. Akamai researchers analyzed more than 8 million SQL injection attacks from Q1 2015 to uncover the most frequent methods and goals.

Website defacements and domain hijacking

Hundreds of web hosting companies provide web hosting for as little as a few dollars a month. In those cases, the hosting company may host multiple accounts on the same server. This can result in hundreds of domains and sites running under the same server IP address, potentially allowing malicious actors to hijack multiple web sites at once. Once one site has been compromised, a malicious actor can potentially traverse the server’s directories, potentially reading username and password lists, to access files from other customer accounts. This could include web site database credentials. With this information, attackers could gain the ability to change files on every site on the server. The Q1 security report includes an explanation of the vulnerability and recommended defensive measures.

Download the report

A complimentary copy of the Q1 2015 State of the Internet – Security Report is available as a free PDF download at www.stateoftheinternet.com/security-report