DDoS Attacks Decline in Q2: Akamai

There may have been a decline in distributed denial-of-service attacks during the second quarter of 2014, but the private sector saw very little respite, according to a new report from Akamai Technologies.

In its ‘Second Quarter, 2014 State of the Internet Report’, Akamai reported that the overall number of DDoS attacks reported to the company declined to 270. That was down from 283 during the first quarter of the year.

The company’s public sector customers accounted for 11 percent of the victims, down from 20 percent in the first quarter. The news for the private sector, however, was not as good. Though enterprises actually saw one fewer attack than in the first quarter, they still accounted for the largest percentage of victims at 30 percent, a slight jump of two percent from the first quarter. The high-tech sector fell victim to 42 of the attacks, an increase of 60 percent.

“One of the most interesting aspects of the second quarter of 2014 is the fact that Akamai saw a decrease in the number of repeated attacks against targets…In the second quarter, attacks were reported by 184 different targets, the most since tracking of the number of repeated attacks started,” the report noted. “The percentage of customers that saw subsequent attacks shrank from one in four (26%) to nearly one in six (18%). Only two customers were targeted by DDoS attacks more than five times and the most attacks on a single target were seven, as opposed to 17 in the prior quarter. There is no clear explanation as to why repeated attacks have become less common, though this change in tactics came as a welcome respite for their targets.”

Port 80 was the target of 15 percent of the attack traffic, while ports 445 and 23 were targeted by 14 percent and 10 percent, respectively. Forty-three percent of attack traffic is believed to have emanated from China.

The firm also saw a spike in SNMP (Simple Network Management Protocol) reflection attacks during the second quarter.

“These DDoS attacks abuse the snmp protocol, which is commonly supported by network devices such as printers, switches, firewalls and routers,” according to the report. “Older devices (those manufactured approximately three or more years ago) used snmp version 2 and were commonly delivered with the snmp protocol openly accessible to the public by default.”

“Through the use of GetBulk requests against snmp version 2, malicious actors can cause a large number of networked devices to send their stored data all at once to a target in an attempt to overwhelm the resources of the target,” the report notes. “This kind of DDoS attack, called a distributed reflection and amplification (DrDoS) attack, allows attackers to use a relatively small amount of their own resources to create a massive amount of malicious traffic.”

The attackers appear to be using a malicious tool to automate their GetBulk requests, possibly using multiple threads, according to Akamai.
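
From the target's side, the reflection pattern described above shows up as SNMP responses (UDP source port 161) arriving from many devices the target never queried. The sketch below is an added example, not code from the Akamai report or this article; the flow-record layout, sample addresses, and the `min_reflectors` threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not data from the report).
# Fields: time src_ip src_port dst_ip dst_port bytes
# All addresses are from the reserved documentation ranges.
SAMPLE_FLOWS = """\
1.0 198.51.100.10 40001 192.0.2.50 161 90
1.1 192.0.2.50 161 198.51.100.10 40001 1400
2.0 203.0.113.5 161 198.51.100.20 80 60000
2.1 203.0.113.6 161 198.51.100.20 80 58000
2.2 203.0.113.7 161 198.51.100.20 80 61000
2.3 203.0.113.8 161 198.51.100.10 40002 1200
"""

SNMP_PORT = 161  # UDP port SNMP agents answer from


def parse_flows(text):
    """Yield (ts, src, sport, dst, dport, nbytes) tuples from the text format above."""
    for line in text.strip().splitlines():
        ts, src, sport, dst, dport, nbytes = line.split()
        yield float(ts), src, int(sport), dst, int(dport), int(nbytes)


def find_reflection_victims(flows, min_reflectors=3):
    """Return {victim_ip: (reflector_count, total_bytes)}.

    A host is reported when it receives SNMP responses from at least
    min_reflectors distinct agents that it never sent a request to.
    """
    requested = set()  # (client, agent) pairs with a genuine request seen
    unsolicited = defaultdict(lambda: [set(), 0])
    for ts, src, sport, dst, dport, nbytes in sorted(flows):
        if dport == SNMP_PORT:
            # Legitimate query: remember who asked which agent.
            requested.add((src, dst))
        elif sport == SNMP_PORT and (dst, src) not in requested:
            # Response with no matching request from the recipient.
            entry = unsolicited[dst]
            entry[0].add(src)
            entry[1] += nbytes
    return {
        victim: (len(agents), total)
        for victim, (agents, total) in unsolicited.items()
        if len(agents) >= min_reflectors
    }


if __name__ == "__main__":
    print(find_reflection_victims(parse_flows(SAMPLE_FLOWS)))
```

The solicited response at time 1.1 is ignored because a matching request precedes it, and the single stray response at 2.3 stays under the threshold.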

The full report can be downloaded here.
