DDoS down globally, on increase in Americas in Q2, report says

Even as internet connectivity remained steady and average connection speed increased above broadband levels, the number of distributed denial-of-service (DDoS) attacks declined in the second quarter of 2014, which was also marked by the discovery of the OpenSSL vulnerability Heartbleed.

According to Akamai's "Q2 2014 State of the Internet Report," the company's customers logged 270 DDoS attacks during the second quarter, a decline of 15 percent from the 283 attacks reported the quarter before. The downward trend, said Akamai, supports the finding of a Q2 global DDoS report from Prolexic, which Akamai acquired earlier this year. The Prolexic study found that volumetric attacks aimed at Layers 1-4 are on the rise but those targeting Layers 5-7 are on the downswing.

The study found that DDoS attacks were down globally but increased by 11 percent in the Americas, accounting for 57 percent of reported attacks. The news was better for the Asia Pacific, which marked the largest decline in DDoS attacks, dropping 23 percent from the first to the second quarter. That region accounted for 25 percent of DDoS attacks reported worldwide.

The number of attacks globally dropped, in part, because many of the attacks in Asia in Q1 were related to political activity, Martin McKeay, security advocate at Akamai, told

Attacks targeting the high tech sector rose 60 percent in the second quarter but those in the public sector declined by 54 percent. A decrease in the number of attacks on government was “directly related to the situation in Singapore in the first quarter,” said David Belson, senior director of Industry and Data Intelligence at Akamai, calling the drop “more of a return to normal.”

The report noted that for the first time since it started tracking repeated attacks against targets, the number of those attacks declined from 26 percent to 18 percent. In fact, only two of the company's customers were hit more than five times — one of those was targeted seven times. 

However, that is a steep decline from the quarter before when the high was 17 attacks. 

“More companies received a second attack than before,” said Belson, explaining that attackers typically stopped there, by and large not returning for a third, fourth or fifth attack.

The second quarter was remarkable in that it saw an uptick in Simple Network Management Protocol (SNMP) reflection attacks, the emergence of Heartbleed and the proliferation of both Storm and Zeus.

Noting that “Akamai learned about Heartbleed slightly ahead of public notice of the vulnerability,” the report said the company patched its Secure Content Delivery Networks on April 4 by disabling heartbeats and patched its core HTTP content delivery network the next day. After careful review, the company rotated customer certificates late on April 13 and began rotating SSL keys on April 14.

The report found that the number of SNMP reflection attacks increased as attackers leveraged GetBulk requests against SNMP version 2 to “cause a large number of networked devices to send their stored data all at once to a target in an attempt to overwhelm the resources of the target.” The attacks are appealing to attackers because they require fewer resources but pay off big with massive volumes of malicious traffic.
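Detection logic for the reflection pattern described above, added here as an example and not taken from the Akamai report: it flags hosts that receive SNMP responses (UDP source port 161) from several devices they never queried. The flow-record layout, the thresholds and the documentation-range addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

SNMP_PORT = 161

# Constructed flow records (documentation-range addresses):
# (time_s, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (10, "203.0.113.20", 40000, "192.0.2.5", 161, 90),     # our NMS polls a switch
    (11, "192.0.2.5", 161, "203.0.113.20", 40000, 1200),   # solicited reply
    (12, "198.51.100.1", 161, "203.0.113.10", 53211, 4000),
    (12, "198.51.100.2", 161, "203.0.113.10", 53211, 4000),
    (13, "198.51.100.3", 161, "203.0.113.10", 53211, 4000),
    (13, "198.51.100.4", 161, "203.0.113.10", 53211, 4000),
]


def find_snmp_reflection(flows, min_reflectors=3, min_bytes=10_000, window=60):
    """Return {victim_ip: (reflector_count, total_bytes)} for hosts that
    receive SNMP responses they never requested."""
    # Requests seen going toward UDP/161: (client, server) -> timestamps.
    requests = defaultdict(list)
    for ts, src, _sport, dst, dport, _n in flows:
        if dport == SNMP_PORT:
            requests[(src, dst)].append(ts)

    stats = defaultdict(lambda: {"reflectors": set(), "bytes": 0})
    for ts, src, sport, dst, _dport, nbytes in flows:
        if sport != SNMP_PORT:
            continue
        # A response is solicited if dst queried src shortly beforehand.
        if any(0 <= ts - t <= window for t in requests.get((dst, src), ())):
            continue
        stats[dst]["reflectors"].add(src)
        stats[dst]["bytes"] += nbytes

    return {
        victim: (len(s["reflectors"]), s["bytes"])
        for victim, s in stats.items()
        if len(s["reflectors"]) >= min_reflectors and s["bytes"] >= min_bytes
    }


if __name__ == "__main__":
    print(find_snmp_reflection(FLOWS))
```

The polled switch's reply to the monitoring station is ignored because a matching request precedes it; only the host receiving unrequested responses from multiple devices is reported.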

Zeus, too, grabbed the spotlight in the second quarter as the crimeware kit behind several high-profile breaches, the report said. Having evolved from a focus on gaining banking credentials to “being used in the control of compromised hosts for criminal activities,” Zeus has become a greater risk “because an increasing number of enterprise applications and cloud-based services are accessible from the Web.” And it has become increasingly difficult to detect and curb “because of how files are hidden, content is obfuscated and firewalls are disabled.”

The study also found that, for the first time, average connectivity speed, which increased by 21 percent to 4.6 Mbps, edged above the broadband threshold of 4 Mbps, a trend that Belson believes will continue. 

“There are so many things driving the growth of bandwidth. More people coming online, more devices coming online, consuming and generating content,” he said.

Added McKeay, “Creating our own content is the norm not the exception.” And with added content and bandwidth, as well as device users in the driver's seat, come additional security headaches. 

“Shellshock is an example of how a piece of software in almost every major system [can be used for] multiple attack vectors,” McKeay said.

But Shellshock, Heartbleed and a growing number of high-profile attacks have brought a much-needed boost in awareness. “It has reached a point where people realize the security of data is possibly more important than the security of physical devices,” McKeay said.
