There may have been a decline in distributed denial-of-service attacks during the second quarter of 2014, but the private sector saw very little respite, according to a new report from Akamai Technologies.
In its 'Second Quarter, 2014 State of the Internet Report', Akamai reported that the overall number of DDoS attacks reported to the company declined to 270. That was down from 283 during the first quarter of the year.
The company's public sector customers accounted for 11 percent of the victims, which declined from 20 percent in the first quarter. The news for the private sector however was not as good. Though enterprises actually saw one less attack than in the first quarter, they still accounted for the largest percentage of victims at 30 percent, a slight jump of two percent from the first quarter. The high-tech sector fell victim to 42 of the attacks, an increase of 60 percent.
"One of the most interesting aspects of the second quarter of 2014 is the fact that Akamai saw a decrease in the number of repeated attacks against targets…In the second quarter, attacks were reported by 184 different targets, the most since tracking of the number of repeated attacks started," the report noted. "The percentage of customers that saw subsequent attacks shrank from one in four (26%) to nearly one in six (18%). Only two customers were targeted by DDoS attacks more than five times and the most attacks on a single target were seven, as opposed to 17 in the prior quarter. There is no clear explanation as to why repeated attacks have become less common, though this change in tactics came as a welcome respite for their targets."
Port 80 was the target of 15 percent of the attack traffic, while ports 445 and 23 were targeted by 14 percent and 10 percent, respectively. Forty-three percent of attack traffic is believed to have emanated from China.
The firm also saw a spike in SNMP (Simple Network Management Protocol) reflection attacks during the second quarter.
"These DDoS attacks abuse the snmp protocol, which is commonly supported by network devices such as printers, switches, firewalls and routers," according to the report. "Older devices (those manufactured approximately three or more years ago) used snmp version 2 and were commonly delivered with the snmp protocol openly accessible to the public by default."
"Through the use of GetBulk requests against snmp version 2, malicious actors can cause a large number of networked devices to send their stored data all at once to a target in an attempt to overwhelm the resources of the target," the report notes. "This kind of DDoS attack, called a distributed reflection and amplification (DrDoS) attack, allows attackers to use a relatively small amount of their own resources to create a massive amount of malicious traffic."
The attackers appear to be using a malicious tool to automate their GetBulk requests, possibly using multiple threads, according to Akamai.
The full report can be downloaded here.