AKAMAI HAS WARNED that, while the volume of DDoS attacks has so far declined in 2017, a proliferation of Mirai-style hacks on IoT devices means that bigger attacks could be just around the corner.
The content distribution company, which accounts for as much as 30 per cent of all online traffic, made the claims in its latest State of the Internet (PDF) report.
Like any product, DDoS attack tools follow a 'hype cycle', it suggested, but the cycle is typically much faster than for consumer technologies, as the relatively small community working with botnets is very open to change.
Mirai is currently working its way through the so-called malware hype cycle, although its popularity has hampered it somewhat; contention for insecure IoT devices, which Mirai targets, has reduced the size of attacks considerably.
The effects of the IoT should not be underestimated as the space is drawing more attention from a wider audience. For example, malware last year targeted IoT toasters in order to add them to bitcoin mining botnets. Although the malware was ineffective, it provided an interesting proof of concept.
Despite the Mirai botnet, DDoS attacks in general have fallen 30 per cent, year-on-year, and 17 per cent quarter-on-quarter. The median size has also fallen, from 4Gbps in 2015 to just over 500Mbps today. However, this is likely due to the increased number of smaller attacks, with half of all assaults now between 250Mbps and 1.25Gbps.
Even these smaller attacks can harm unprepared organisations, though.
Akamai warned: "If we consider that many businesses lease uplinks to the Internet in the range of 1-10Gbps, any attack exceeding 10Gbps could be 'big enough' and more than capable of taking the average unprotected business offline."
It is expected that the size and frequency of DDoS attacks will increase in the near future; small-scale attacks are especially expected to rise, but the mega-attacks will continue to have an outsized impact on DDoS trends.
A new attack spotlighted by Akamai was Mirai's DNS Water Torture, first seen in mid-January targeting customers in the financial services industry. It is a flood of DNS queries, which can lead to a denial of service for legitimate users if the target server is unprepared. However, it was reflection attacks that continued to dominate DDoS activity.
There was a subtle shift in the area of web application attacks, with 57 per cent more coming from the USA in the first quarter of 2017 compared to the same quarter in 2016. These attacks target the underlying fabric of websites, either tying up resources or taking information from the database powering the sites. The impact can be longer-lasting than outages from infrastructure-related DDoS attacks.
The USA, Netherlands, Brazil, China and Germany were the top sources of web application attacks in the first quarter. The Netherlands is an interesting standout, with a population of only 17 million but producing 12.7 per cent of web attacks. By comparison, the USA has a population almost 20 times higher, but produces 'just' 34 per cent of attacks.
Web application attacks targeted the USA (221 million), Brazil (24.2 million), the UK (14.2 million), Japan (13.4 million) and Germany (10.8 million). Although the US was far in advance of any other country, the figure was actually down 9 per cent, while Brazil and the UK were up (46 per cent and 30 per cent, respectively).