{"id":226593,"date":"2017-08-31T17:58:52","date_gmt":"2017-08-31T15:58:52","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=226593"},"modified":"2017-08-31T18:00:40","modified_gmt":"2017-08-31T16:00:40","slug":"ddos-attacks-on-the-rise","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/226593-ddos-attacks-on-the-rise.html","title":{"rendered":"DDoS attacks on the rise"},"content":{"rendered":"<p>Akamai has released its Q2 2017 State of the Internet Security Report, which shows that distributed denial of service (DDoS) and web application attacks are on the rise.<\/p>\n<p>Contributing to the rise was the PBot DDoS malware, which re-emerged as the foundation of the strongest DDoS attacks seen by Akamai in Q2.<\/p>\n<p>Attackers were able to create a mini-DDoS botnet capable of launching a 75Gbps DDoS attack.<\/p>\n<p>Interestingly, the Pbot botnet was comprised of only 400 nodes, yet was able to generate a significant level of attack traffic.<\/p>\n<h3 class=\"my-4\">Domain Generation Algorithms<\/h3>\n<p>Another entry on the \u201ceverything old is new again\u201d list was the use of Domain Generation Algorithms (DGA) in malware Command and Control (C2) infrastructure.<\/p>\n<p>Introduced with the Conficker worm in 2008, DGA has remained a frequently-used communication technique for modern malware.<\/p>\n<p>Akamai found that infected networks generated approximately 15-times the DNS lookup rate of a clean network.<\/p>\n<p>This was the outcome of access to randomly-generated domains by the malware on the infected networks, as most of the generated domains were not registered and trying to access them created a lot of noise.<\/p>\n<p>Akamai also used its &#8220;unique visibility&#8221; in defending\u00a0against attacks from the Mirai botnet in September 2016 and onward to study different aspects of the botnet &#8211; specifically its C2 infrastructure in Q2.<\/p>\n<p>Akamai said Mirai, like other botnets, is now contributing to the commoditization of DDoS.<\/p>\n<p>While many of the botnet\u2019s C2 nodes were observed conducting \u201cdedicated attacks\u201d against IPs, more were noted as participating in \u201cpay-for-play\u201d attacks.<\/p>\n<p>In these situations, Mirai C2 nodes were observed attacking IPs for a short duration, going inactive, and then re-emerging to attack different targets.<\/p>\n<h3 class=\"my-4\">The Numbers<\/h3>\n<ul>\n<li>The number of DDoS attacks in Q2 increased by 28% quarter-over-quarter, following three quarters of decline.<\/li>\n<li>DDoS attackers are more persistent than ever, attacking targets an average of 32 times over the quarter. One gaming company was attacked 558 times.<\/li>\n<li>Egypt was the origin of the greatest number of unique IP addresses used in frequent DDoS attacks, with 32% of the global total.<\/li>\n<li>Fewer devices were used to launch DDoS attacks this quarter. The number of IP addresses involved in volumetric DDoS attacks dropped 98% from 595,000 to 11,000.<\/li>\n<li>The incidence of Web application attacks increased 5% quarter-over-quarter, and 28% year-over-year.<\/li>\n<li>SQLi attacks were used in 51% of web application attacks &#8211; up from 44% last quarter &#8211; generating nearly 185 million alerts in Q2.<\/li>\n<\/ul>\n<h3 class=\"my-4\">Akamai Q2 Infographic<\/h3>\n<p><a  data-lightbox=\"post-image\" href=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2017\/08\/Akamai.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-226595\" src=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2017\/08\/Akamai.jpg\" alt=\"Akamai\" width=\"640\" height=\"2880\" srcset=\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2017\/08\/Akamai.jpg 640w, https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2017\/08\/Akamai-89x400.jpg 89w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/a><\/p>\n<h3 class=\"my-4\">Now read:\u00a0<a href=\"https:\/\/mybroadband.co.za\/news\/security\/213546-ddos-attack-sizes-and-protecting-your-servers.html\">DDoS attack sizes and protecting your servers<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"<p>New data shows that DDoS and web application attacks are on the rise.<\/p>\n","protected":false},"author":23,"featured_media":189026,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[3340,2242,35],"class_list":["post-226593","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-akamai","tag-ddos","tag-headline"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/226593"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=226593"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/226593\/revisions"}],"predecessor-version":[{"id":226799,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/226593\/revisions\/226799"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/189026"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=226593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=226593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=226593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}