AKAMAI HAS WARNED that distributed denial-of-service (DDoS) "mega attacks" are on the rise and have the potential to cause major problems.
Content delivery firm Akamai has pushed out its Q3 2016 State of the Internet report (PDF), which reveals that, while the overall number of DDoS attacks didn't increase during 2016, the size and severity of the attacks did.
This was aided by the number of insecure Internet of Things (IoT) devices being connected to the internet, which have subsequently been compromised and used in DDoS attacks.
Akamai suggested that the number of DDoS attacks in excess of 100Gbps increased from 12 to 19 between the second and third quarters, while there were only eight in the third quarter of last year.
The attack on security journalist Brian Krebs' website was the largest Akamai has been involved in mitigating. The company had provided services to Krebs pro bono via its Prolexic network service, and recorded an attack of 623Gbps in September 2016.
"While we were able to keep his site functioning, this and the attacks that followed it caused the company to re-evaluate the resources being spent on a site we were protecting for free," the company said.
Google's Jigsaw unit stepped in to help deflect the attack with its Project Shield service.
"These attacks were remarkable not only for their size, but for the source and nature of the traffic they used. Since June, we had been researching a strain of malware we called Kaiten, which targets home routers and IoT devices," said Akamai.
"The malware has now been released to the world at large, under the name Mirai, and targets more than 60 default user name and password combinations.
"When used in the attacks on Krebs on Security, the tool used 'gre', 'syn', and 'ack' floods at the network level, along with 'push' and 'get' floods at the application layer.
"None of these vectors is hard to mitigate individually, but any type of traffic becomes problematic when you receive it at 623Gbps."
Application-layer DDoS attacks can have a major impact, but they remain comparatively rare in number.
Akamai said that this is because of the level of technical knowledge required to pull them off compared with infrastructure-layer attacks, which can be launched with simple point-and-click tools.