2015 IS RAPIDLY PROVING to be the year of the denial-of-service (DoS) attack, at least according to the latest State of the Internet report from Akamai.
Akamai's regular report paints a detailed picture of the threat landscape. The view this year so far was blighted by the DoS attack to an even greater degree than during the previous quarter.
The firm said that the number of such attacks increased by around a third during the period and by over 100 percent against the same period last year. The largest distributed DoS (DDoS) attack during the quarter peaked at 170Gbps.
Attacks on Simple Service Discovery Protocol systems made up 20 percent of DoS attacks, mainly targeting Internet of Things devices.
"The proliferation of unsecured home-based, internet-connected devices using the Universal Plug and Play protocol has made them attractive for use as reflectors," the report said.
The firm added that the scale of its scans has increased, as has the amount of data that it produces.
"By bringing in the web application attack data, along with in-depth reports from all of our security research teams, we're able to provide a more holistic view of the internet and the attacks that occur on a daily basis," said John Summers, vice president of Akamai's cloud security business unit.
"This is our biggest and best security report yet. This report provides an in-depth look at DDoS attacks, and sets a baseline for web application attack triggers, so we will be able to report on attack trends for the network and application layers in our future reports."
Akamai said that over 90 percent of the DoS traffic was aimed at infrastructure, and that gaming networks suffered in particular.
The company found that a third of all attacks come from China, which may not surprise anyone reading this at GitHub.
Web defacement practitioners did not stay idle during the quarter, and Akamai said that sites including WordPress and Joomla were targeted by these cyber vandals.
SSL threats Poodle, Shellshock and Heartbleed also make an appearance in the catalogue of security woes. Akamai has recommend that people just straight out disable, or at least accelerate deprecation of, SSLv3 in order to deal with some of the problems here.
Dave Larson, CTO at Corero Network Security, said that, while big attacks and threats get the attention, the lower level assaults can be just as damaging.
"This correlates quite closely with the transition Corero has been noticing, where DDoS is being used more frequently as a masking agent or security perimeter degradation tool," he said.
"The big attacks are still occurring, but the increase in lower level attacks of the type we have been highlighting would create this trend in the Akamai data.
"Security conscious organisations must begin taking the threat of low-level DDoS seriously. DDoS is no longer principally about denying service. It is more about degrading security perimeters." µ
Firm promises service will be 'privacy-sensitive'
Linux founder says those that don't agree are 'f*cking morons'
But you'll have to put up with it for another few weeks
The first will be launched before the end of the year