DDoS Attacks Set New Record While Credential Abuse Attacks Decline

Akamai released its State of the Internet Security Summer 2018 report on June 26, providing insight into the current state of web application and distributed denial-of-service (DDoS) attacks. The 28-page report takes a specific look at credential abuse attacks against the hotel and travel industry, finding that attacks have leveled off over the last three months after reaching a peak at the end of January. The report also found that DDoS attack volume reached a record high of 1.35T bps, powered by a memcached reflection attack vector. On average, Akamai found that over the last six months, organizations faced an average of 41 DDoS attacks. In this slide show, eWEEK looks at some of the highlights of Akamai’s State of the Internet Security Summer 2018 report.

The largest DDoS attack seen by Akamai over the last six months was a 1.35T-bps attack that occurred at the end of February. The attack made use of misconfigured memcached servers to reflect and amplify attack volume.

Looking at DDoS attack vector frequency, Akamai found that UDP fragments were the top vector for infrastructure layer attacks.

Over the last six months, Akami found that organizations were hit with a DDoS attack an average of 41 times.

Hotel and travel sites were heavily targeted at the beginning of 2018 by attackers looking to use fraudulent or stolen credentials. Akamai found that attacks declined significantly in February as operators closed down multiple routes that were sources of malicious traffic.

Fifty-one percent of web application attacks seen by Akamai from November 2017 until April 2018 used SQL injection (SQLi) as an attack vector.

While attackers go after targets all around the world, the United States is by far the most attacked country.