Akamai has released its Q1 2015 State of the Internet Security Report, which shows a massive increase in the number of DDoS attacks.
Compared to Q4 2014, 35% more DDoS attacks took place in early 2015, while compared to Q1 2014 there was a 117% increase in attacks.
Average attack bandwidth and volume decreased in Q1 2015, continuing a trend in which malicious actors favour smaller but longer-lasting attacks. Attack duration increased 43% over Q1 2014.
A notable exception to this trend were eight 100+Gbps attacks, including an attack that peaked at 170Gbps.
These DDoS attacks primarily targeted the gaming industry, which continues to be the most targeted industry.
SSDP attacks represented the top overall infrastructure-based attack. Because many SSDP reflection attacks exploit unsecured, in-home devices, many escape detection and mitigation.
The top three DDoS attacks vectors in Q1 2015 were: SSDP at 21% of all attacks, SYN floods at 16%, and UDP floods at 13%.
Infrastructure-layer attacks were by far the most common type of attack, outnumbering application-layer attacks by a ratio of 9:1.
Application-layer DDoS attacks continue to be a risk, though, as malicious actors favour attack scripts that leverage open proxies on the Internet.
In Q1 2015, HTTP get attacks were the most common application-layer DDoS attack – 7% of all DDoS attacks.
DDoS country participation
Q1 2015 saw a shift in source country participation in DDoS attacks. China was responsible for 23% of attacks, Germany 17%, and the US 12%.
This quarter’s top attack source country, China, had a 66% increase in attack source IPs compared to the US, though some of the increase in attack sources could be attributed to the increase in redirected traffic from Asia.
Most attacked industries
The gaming industry faced the most DDoS attacks, followed by Software and Technology, and Internet and Telecoms.