DDoS activity grows 28% in Q2

DDoS attack activity grew 28% sequentially during the second quarter following three consecutive quarters of decline, according to Akamai’s latest State of the Internet – Security report.

DDoS attackers were meanwhile more persistent than ever, attacking targets an average of 32 times during the quarter, content delivery network provider Akamai said.

The growth in activity came despite fewer devices being used to launch attacks — the number of IP addresses involved in volumetric DDoS attacks dropped 98% from 595,000 to 11,000.

But the quarter also saw the re-emergence of PBot malware, with attackers using decades-old PHP code to generate the quarter’s largest DDoS attack observed by Akamai, creating a mini-DDoS botnet capable of launching a 75 Gbps attack.

Web application attacks increased 5% quarter-on-quarter and 28% year-on-year, with SQL injection attacks used in more than half (51%) of these attacks.

“Our report this quarter highlights the continued volatility in the threat landscape. It was interesting to see the shift in source IP geography, where, for the first time ever, Egypt had the greatest number of unique IP addresses used in frequent DDoS attacks than any other country globally. While that doesn’t seem directly relevant to Australia, it is extremely significant,” Akamai APAC Senior Security Specialist Nick Rieniets commented.

“This demonstrates that geographic profiling is a real and potentially imminent threat to Australia. When there are changes like this in the threat landscape and when new threats are released, companies need to recognise, acknowledge and assess that volatility, and change their security controls accordingly, and in a timely manner.”

Follow us and share on Twitter and Facebook