DDoS Attacks in Fourth Quarter Target Internet, Technology Firms

The software and technology industry saw the sharpest climb in attack rates, up 7 percent from the last quarter, according to Akamai's report.

akamai and web security

Hackers are upping the ante.

There was a 52 percent increase in average peak bandwidth of distributed denial of service (DDoS) attacks in the fourth quarter compared to the same quarter a year ago, according to a report from cloud-based security services firm Akamai.

Nearly 40 percent of all DDoS attacks used reflection techniques, which rely on Internet protocols that respond with more traffic than they receive and do not require an attacker to gain control over the server or device.

Industries attacked most frequently were gaming (35 percent), software and technology (26 percent), Internet and telecom (11 percent), media and entertainment (10 percent), and financial services (7 percent).

"There has always been a history of DDoS in the gaming industry. The availability and accessibility of online gaming infrastructure and devices creates opportunities for malicious actors to attack using publicly available tools," Rod Soto, principal lead security researcher at Akamai Technologies, told eWEEK. "The large number of users and their interactions lead to rivalries and drives the use of DDoS against game adversaries or during critical moments of gameplay. As a result of these DDoS some groups behind have also gained notoriety, this also reinforces the use of DDoS in this vertical."

The software and technology industry saw the sharpest climb in attack rates, up 7 percent from the last quarter while the media industry saw the biggest change in percentage of attacks, dropping 13 percent compared to last quarter.

The report also found a significant increase in multi-vector attacks, which were up 88 percent overthe fourth quarter of 2013. Overall, more than 44 percent of all attacks used multiple attack vectors.

The highest bandwidth attack in Q4 was 158 Gbps, generated by a multi-vector volumetric attack that used a SYN flood, user datagram protocol (UDP) fragment flood and UDP flood.

The highest packet-per-second attack registered 96 million packets-per-second (Mpps), a 77 percent decrease from the same quarter in 2013, and an 83 percent decrease compared with the same period.

The United States and China continued as the lead source countries for DDoS traffic, but instead of the Brazil, Russia, India and China (BRIC) block that dominated in the third quarter of 2014, fourth quarter DDoS attack traffic came in large part from the United States, China and Western Europe.

"There are several factors that influence geographical shifts in DDoS attack traffic, [including] growing and mismanaged infrastructure, geographical regions that do not enforce or have laws regarding illegal DDoS activity, and discovery of new vulnerabilities that may affect specific applications or devices developed for certain regions," Soto said. "These factors combined with clean up and take down efforts are fundamental to determine shifts in DDoS attack traffic."

Compared with the same period in 2013, there were 51 percent more application layer attacks, 58 percent more infrastructure layer attacks, and a 28 percent increase in average attack duration in Q4 2014.

The report is derived from data collected on Akamai's network plus active research into attack tools, vulnerabilities, and other factors, Soto explained.