Report: From Q3 to Q4, 90 percent increase in global DDoS attacks observed

In the final quarter of 2014, enterprises around the globe were targeted with an influx of distributed denial-of-service (DDoS) attacks, which topped even experts' expectations for the period – a season typically rife with such attacks.

According to Akamai Technologies' Q4 2014 State of the Internet Security Report (PDF) released Thursday, 90 percent more DDoS attacks against companies were observed in the last quarter of the year, compared to Q3 2014. And, Akamai saw a 57 percent spike in DDoS attacks over Q4 2014, the report said.

The global report noted that the U.S., followed by China, Germany and Mexico, were among the top 10 source countries for DDoS attacks last quarter.

During the period, Akamai mitigated nine attacks that exceeded 100 Gbps, the report added. The verticals targeted with the highest-bandwidth DDoS attacks were the media and gaming industries, with the latter being hit with the last four “mega-attacks,” exceeding 100 Gbps, of the year.

John Summers, vice president of Akamai's Security Business, said in an interview that the firm “always sees a big increase [in attacks] around the Christmas season,” but that the attacks were “more pronounced than any of us anticipated” that quarter.

The report also noted that the gaming industry received 35 percent of all DDoS attacks in Q4, which was “driven by a surge in attack activity at the end of December.”

“Gaming remained the most targeted industry since Q2 2014 and experienced a 2 percent increase this quarter. In Q4, attacks were fueled by malicious actors seeking to gain media attention or notoriety from peer groups, damage reputations and cause disruptions in gaming services. Some of the largest console gaming networks were openly and extensively attacked in December 2014, when more players were likely to be affected. Another trend was the holding of networks hostage, where the owners were asked to pay a small ransom to stop a DDoS attack,” the report said.

Akamai also highlighted a DDoS attack vector in the report, called “XMAS-DDoS,” which was launched by a hacking group claiming to be Lizard Squad, and stood as the only TCP (Transmission Control Protocol) attack that surpassed 100 Gbps in Q4. The attack uses a Christmas tree packet packed with TCP flags, hence the name “XMAS-DDoS.”

The report noted that “Some of the aspects that make this attack unique also make it less effective. For example, some of the TCP flag combinations do not even render a response from the target.”

Despite this finding, the XMAS-DDoS attack vector successfully helped saboteurs scale one of the nine “mega-attacks” observed by Akamai that quarter.

“Regardless, the attack achieved its goal by generating high traffic volumes and high packet rates…This is enough traffic to hinder or completely clog most corporate infrastructures – and it highlights the ongoing development of DDoS tools,” the report said.
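A defender-side illustration of the Christmas tree packet described above, added here as an example and not taken from the Akamai report or this article: it reads the flag byte of raw TCP headers and counts, per source, the segments carrying Xmas-style or contradictory flag combinations. The classification rules, the threshold, the function names and the sample packets are assumptions constructed for the example.

```python
import struct
from collections import Counter

# TCP flag bits in byte 13 of the TCP header (RFC 793).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def tcp_flags(header: bytes) -> set:
    """Return the names of the flags set in a raw TCP header (at least 20 bytes)."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    bits = header[13]
    return {name for name, mask in FLAGS.items() if bits & mask}

def classify(header: bytes) -> str:
    """Label a segment by flag combination (rules are assumptions of this example)."""
    f = tcp_flags(header)
    if {"FIN", "PSH", "URG"} <= f:
        return "xmas"            # classic Christmas tree pattern, includes all-flags-set
    if {"SYN", "FIN"} <= f or {"SYN", "RST"} <= f:
        return "contradictory"   # not expected from normal TCP stacks
    if not f:
        return "null"            # no flags at all
    return "normal"

def anomalous_sources(packets, threshold=2):
    """packets: iterable of (src_ip, tcp_header). Sources with >= threshold odd segments."""
    hits = Counter(src for src, hdr in packets if classify(hdr) != "normal")
    return {src: n for src, n in hits.items() if n >= threshold}

def make_header(flag_bits: int) -> bytes:
    """Build a constructed 20-byte TCP header carrying the given flag byte."""
    # src port, dst port, seq, ack, data offset (5 words), flags, window, checksum, urgent
    return struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flag_bits, 1024, 0, 0)

# Constructed sample traffic using documentation address ranges, not real captures.
SAMPLE = [
    ("192.0.2.10", make_header(0x02)),    # SYN
    ("192.0.2.10", make_header(0x10)),    # ACK
    ("198.51.100.7", make_header(0x29)),  # FIN+PSH+URG
    ("198.51.100.7", make_header(0x3F)),  # all six flags set
    ("203.0.113.5", make_header(0x03)),   # SYN+FIN
]

if __name__ == "__main__":
    print(anomalous_sources(SAMPLE))
```

In production the same flag test is usually applied as a stateless drop rule at the network edge, since a volumetric flood has to be filtered before it reaches host-level inspection.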
