1Akamai Security Report Shows Threat Landscape Continues to Evolve
Top attack sources vary by threat vector. In the second quarter, China was the top source for DDoS attack traffic while Brazil led in web application attacks, according to Akamai.
2Top DDoS Attack Reached 363G bps
During the second quarter, Akamai reported that the largest DDoS came in at 363 G bps against a European media company.
3China Is Top Source for DDoS
While DDoS attacks can come from anywhere in the world, China was the top source during the second quarter at 56 percent. The United States came in a distant second at 17 percent.
4Gaming Is the Top DDoS Attack Target
Across Akamai’s DDoS protection customer base, the most targeted industry for DDoS continues to be gaming with 57 percent of attacks in the second quarter.
5Time for Reflection
A common way DDoS attackers are able to increase bandwidth is by way of reflection attacks. In a reflection attack, a misconfigured service is abused to amplify and “reflect” attack traffic. In the second quarter, NTP was the most used protocol for reflection attacks at 59 percent.
6SQL Injection, Local File Injection Account for Most Web Application Attacks
SQL Injection (SQLi) and Local File Injection (LFI) accounted for nearly 90 percent of all web application attacks.
7U.S. Falls to No. 2 Source for Web Application Attacks
In the second quarter, the United States dropped to the No. 2 spot for top web application attack source. Brazil now claims the top spot with 25 percent of all web application attacks observed by Akamai in the second quarter. Akamai pegs Brazil’s gain to a number of attacks against the hotel industry in April.
8U.S. Still Top Target for Web Application Attacks
While the United States isn’t the top source for web application attacks, it’s still the top target with 64 percent of attacks.
9Bot Traffic Is Largely Undeclared
Akamai found that on a single day, bot traffic represented 43 percent of all traffic. While some bots declare themselves, such as web search crawlers, many do not. In fact, 63 percent of the bots Akamai found were undeclared and were part of various automation or scraping campaigns.