DDoS Attacks Are in Decline in Number and Size, Akamai Report Finds

In the security world, there tends to be a constant stream of news about how the number of attacks is increasing, which is what makes Akamai’s “First Quarter, 2017 State of the Internet/Security Report” interesting. According to the report, there was a 30 percent year-over-year decrease in the total number of distributed denial-of-service (DDoS) attacks in 1Q17. Going a step further, there was an 89 percent decrease in the number of DDoS attacks greater than 100G bps. The report isn’t all good news, though: In the first quarter of 2017, there was a 35 percent increase in the total number of web application attacks, with SQL injection attacks leading the way. In this slide show, eWEEK looks at the highlights from the most recent Akamai State of the Internet/Security Report.

The largest DDoS attack recorded by Akamai during the first quarter came in at 120G bps.

Overall, Akamai reported a sharp decline of 89 percent year-over-year in the total number of large DDoS attacks in the first quarter of 2017. There were only two attacks of over 100G bps, down from the 19 from a year ago.

The majority (57 percent) of DDoS attacks do not just rely on direct bandwidth to attack victims. Rather, they rely on some form of misconfigured internet service to “reflect” an attack, in effect amplifying the total attack bandwidth.

The most common type of DDoS reflector of misconfigured devices uses Simple Service Discovery Protocol (SSDP), which is found on many types of internet of things (IoT) devices.

Looking at web application attacks, the most common vector remains SQL injection, which accounted for 44 percent of all attacks Akamai saw in the first quarter of 2017.

While web application attacks can come from anywhere in the world, the leading source according to Akamai is the U.S., with 34 percent of attacks coming from the country in the first quarter.

Not only is the U.S. the top source of web application attacks, it is also the top target of such attacks.