THIS IS THE DAWN of the mega distributed denial-of-service (DDoS) attack, according to security firm Akamai and its second quarter threat report.
We wait every three months for the Akamai State of the Internet report, and we are never disappointed. Its content is pretty good too, and allows for a summary of the past quarter and a reminder about things like Shellshock and web perennials like Flash, WordPress themes and application attacks.
DDoS attacks - we have covered a few of those - doubled year over year, according to the report, and there was a spike in swaggering, large-scale attacks.
Akamai said that DDoS attacks are not the only danger, and that a single Shellshock exploitation was responsible for 49 percent of all web application attacks during the period. The firm also found vulnerabilities in WordPress plugins.
"The threat posed by distributed DoS [DDoS] and web application attacks continues to grow each quarter," said John Summers, vice president for Akamai's cloud security business sector.
"Malicious actors are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.
"By analysing the attacks observed over our networks, we're able to identify emerging threats and trends and provide the public with the information to harden their networks, websites and applications and improve their cloud security profiles."
DDoS attacks have been doubling for the past three quarters, but are now coming in with a bit more shock and awe. Akamai found a spike in heavy attacks that went as far as to hit outfits with a 100Gbps hammer. A dozen attacks spiked at this high level, and five others topped out at 50Mpps (million packets per second).
One attack, which presumably makes all the others feel very inferior, claimed a peak of 240Gbps and lasted for over 13 hours. In case you haven't guessed it, these are the "mega attacks". Akamai said that few organisations would have the capacity to beat one of those off.
We can think of one company that did manage to see off the efforts of DoS attackers. That is Cloudflare, which said last year that someone had lobbed a 400Gbps spanner into its servers.
That was then, Akamai is all about now. The report said that DDoS action has increased by 132 percent year over year, and seven percent against the previous quarter. This sets a new record for DDoS. Much of the traffic comes from China, in case anyone was planning on baking a celebratory cake and needs a theme.
The other 51 percent of the web attacks included SQL injection (26 percent), local file inclusion (18 percent) and a range of malicious file-, PHP- and Java-based threats.
All this is bread and butter for security reports, though. Akamai has stepped things up by considering whether companies and organisations should consider blocking Tor for security reasons.
Q2 SOTI Security Preview: Tor Pros and Cons - The Akamai Blog: http://t.co/V94QyfDmWz — BillBrenner70 (@BillBrenner70) August 14, 2015
The INQUIRER does not like to make assumptions, but we would assume that a lot of firms are blocking the anonymising system that, more often than not, is linked with the drug trade and dirty dealing. So we perked up here.
"For this report [we] examined the perceived threat posed by the onion router (Tor) traffic," said Summers. "The more you know about cyber security threats, the better you can defend your enterprise."
A tour of the Tor project by Akamai found benefits with the system, but also elements that would be attractive to hackers. The network is rarely the route of attacks, and blocking Tor traffic could have a negative impact on business, the report said. A seven-day period of data from the Kona customer base found that Tor was rarely caught out there.
"In order to assess the risks involved with allowing Tor traffic to websites, Akamai analysed web traffic across the Kona security customer base during a seven-day period. The analysis showed that 99 percent of the attacks were sourced from non-Tor IPs," the report explained.
"However, one out of 380 requests out of Tor exit nodes were malicious. In contrast, only one out of 11,500 requests out of non-Tor IPs was malicious. That said, blocking Tor traffic could have a negative business effect. However, legitimate HTTP requests to e-commerce related pages showed that Tor exit nodes had conversion rates on par with non-Tor IPs."
The retail industry is most heavily leaned on by Tor miscreants, and Akamai found that the sector suffered from 213,000 attacks, or around a third of the total over the period. Financial services takes 26 percent of the load, technology 21 percent, and media and entertainment eight percent. Gaming, which we might class as media and entertainment, if only to make it feel better, has a 0.06 chunk of trouble.
Attackers focused 40 percent of thwacks on organisations in the US, followed by Switzerland (think banking) 35 percent, and the UK 21 percent. Everywhere else, bar Canada, amounts to less than one percent.
Ultimately, and perhaps disappointingly, Akamai has an open-ended conclusion to the study. It has gone for the suck-it-and-see approach, suggesting that firms try it on and see how it works out for them.
To Tor or not to Tor is a question that is up to you to answer. We put it to Akamai, which provides a 'constantly updated Tor exit node network list', anyway.
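Trying it on can start with your own logs. The sketch below is an added example, not code from Akamai's report or from this article: it computes the three measures quoted above (malicious requests as "one in N", share of all attacks, and conversion rate of legitimate requests) for Tor and non-Tor sources. The record layout, the exit-node set and every address in it are constructed assumptions.

```python
import ipaddress

# Constructed exit-node list (RFC 5737 documentation addresses, not real exits).
TOR_EXITS = {"192.0.2.10", "192.0.2.11"}

# Constructed records: (client_ip, flagged_malicious_by_waf, converted_to_sale)
SAMPLE = (
    [("192.0.2.10", True, False)] * 1
    + [("192.0.2.10", False, True)] * 5
    + [("192.0.2.11", False, False)] * 15
    + [("198.51.100.7", True, False)] * 4
    + [("198.51.100.7", False, True)] * 99
    + [("203.0.113.9", False, False)] * 297
)


def tor_report(requests, tor_exits):
    """Compare Tor and non-Tor traffic on the measures quoted from the report."""
    # Parse addresses so differently formatted strings still match.
    exits = {ipaddress.ip_address(ip) for ip in tor_exits}
    counts = {g: {"requests": 0, "malicious": 0, "converted": 0}
              for g in ("tor", "non_tor")}
    for ip, flagged, converted in requests:
        group = "tor" if ipaddress.ip_address(ip) in exits else "non_tor"
        c = counts[group]
        c["requests"] += 1
        if flagged:
            c["malicious"] += 1
        elif converted:
            # Conversions are only counted for legitimate requests.
            c["converted"] += 1
    total_attacks = sum(c["malicious"] for c in counts.values())
    report = {}
    for group, c in counts.items():
        legit = c["requests"] - c["malicious"]
        report[group] = {
            # "One out of N requests was malicious"; None if no attacks seen.
            "one_in_n_malicious": (c["requests"] / c["malicious"]
                                   if c["malicious"] else None),
            "share_of_attacks": (c["malicious"] / total_attacks
                                 if total_attacks else None),
            "conversion_rate": c["converted"] / legit if legit else None,
        }
    return report


if __name__ == "__main__":
    for group, metrics in tor_report(SAMPLE, TOR_EXITS).items():
        print(group, metrics)
```

If the Tor group shows a far worse malicious ratio but a similar conversion rate, as in the report's figures, stricter inspection of Tor requests costs fewer sales than an outright block.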
The report is available online. You will have to share your name, email address and phone number to get it. µ