Dominated by an overall increase in the number of distributed denial of service (DDoS) attacks, the first quarter of the year also saw a record number of attacks (19) larger than 100 Gbps, a recent report from Akamai reveals.
According to the company’s State of the Internet – Security Report, there was a 125.36% increase in total DDoS attacks and a 142.14% increase in infrastructure layer (layers 3 & 4) attacks in Q1 2016 compared to the same period of last year. The average attack duration, however, showed a 34.98% decrease, from 24.82 hours to 16.14 hours, the report reveals.
The most important change, however, is a 137.5% increase in 100+ Gbps attacks year-over-year to a record 19 attacks, a number that also marks a 280% increase over the fourth quarter of 2015. On quarter, the total number of DDoS attacks went up 22.47%, infrastructure layer incidents grew 23.17%, while the average attack duration went up 7.96% (16.14 vs. 14.95 hours).
The use of stresser/booter-based botnets also increased in Q1, and Akamai says that most of the 19 “mega-attacks” observed in the timeframe appeared to be powered by tools common to booters/stressers. The largest DDoS attack in the quarter measured 289 Gbps, six incidents exceeded 30 million packets per second (Mpps), while two attacks peaked at more than 50 Mpps, the report reveals.
The software & technology, gaming, and media & entertainment sectors were affected the most during the quarter, Akamai says. The online gaming sector was hit hard in the three-month period, accounting for 55% of all DDoS incidents.
The first three months of the year also marked a 25.52% increase in total web application attacks over the previous three-month period, as well as a 235.99% increase in web application attacks over HTTPS. SQLi attacks went up 87.32%, while the number of web application attacks over HTTP went down 1.77% compared to the previous quarter.
The report also reveals that 59% of the total of 4,523 DDoS attacks that Akamai mitigated during the first quarter of the year were multi-vector attacks, a continuation of a trend observed in the previous quarter, supposedly fueled by increasingly sophisticated attack tools. 59% of reflection DDoS attacks were NTP reflectors, marking an increase of 72% compared with Q4 2015.
According to the report, China was the largest source of DDoS attacks in Q1, accounting for 27% of attacks, while the United States came in second with 17%, followed by Turkey with 10%. However, the US accounted for the largest web application attack source traffic (43%), followed by Brazil at 12%, and China and the Netherlands at 8% each. Romania (7%), Russia, the UK (6% each), Germany (4%), and Ukraine and India (3% each) rounded up top 10.
In April, security researchers at Imperva detailed a massive Layer 7 DDoS attack that peaked at 8.7 Gbps, although such attacks rarely rise above 500Mbps. In February, Sucuri researchers revealed that tens of thousands of WordPress websites were being used to launch Layer 7 DDoS attacks.
Related: DDoS Attacks Abuse TFTP for Reflection and Amplification
Related: DDoS Attacks Continue to Rise in Power and Sophistication