Akamai’s Q2 2015 State of the Internet Security Report is now available for download. Highlights of this quarter’s trends include:
Doubled DDoS Attacks
The number of distributed denial of service (DDoS) attacks recorded on Akamai’s Prolexic Routed Network set a new record in Q2 2015—just as it did in Q1 2015. The trend for the last three quarters shows significant year-over-year increases in attack frequency:
- 90 percent year-over-year increase in Q4 2014
- 117 percent year-over-year increase in Q1 2015
- 132 percent year-over-year increase in Q2 2015
Not only are DDoS attacks more frequent, but they’re getting longer. Compared to Q1 2015, attacks are 17 percent longer, with the average attack duration increasing from 20.64 to to 24.82 hours.
Mega Attacks
This quarter saw a 50 percent increase over Q1 2015 in mega attacks exceeding 100 Gbps. Compared to Q2 2014, mega attacks have increased by 100 percent. The largest of these attacks, measuring nearly 250 Gbps, significantly outstrips the largest attack of Q1 2015, at 170 Gbps. Both attacks used the same padded SYN flood, along with a UDP fragment flood and UDP flood.
Targets and Sources
Online gaming has been the most targeted industry since Q2 2014. This quarter it was the target of 35 percent of DDoS attacks. The next most frequently targeted industry was software and technology, at 28 percent.
China continued to increase its share of non-spoofed DDoS attacks. In Q2 2014 it was the third most common source of attacks, at 12 percent. In both Q1 and Q2 of 2015, China was the most common source, at 23 percent and 37 percent, respectively. The US has remained in the top three source countries, this quarter ranking second with 18 percent of attacks.
Attack Types
SYN floods have been one of the most common vectors in DDoS attacks since 2011, and were the most common in Q2 2015 as well, at 16 percent. Attacks exploiting the Simple Service Discovery Protocol (SSDP) were unheard of until Q3 2014, but these attacks were very nearly as common as SYN floods this quarter, making up just under 16 percent of all DDoS attacks.
These vectors are expected to remain popular. In particular, the proliferation of unsecured, home-based, Internet-connected devices using the Universal Plus and Play (UPnP) protocol ensures that they remain attractive for exploitation as SSDP reflectors.
At a glance
Compared to Q2 2014
- 43% increase in total DDoS attacks
- 22% increase in application layer attacks
- 66% increase in infrastructure layer attacks
- 99% increase in average duration
- 47% decrease in average peak bandwidth
- 26% decrease in average peak volume
Compared to Q1 2015
- 13% increase in total DDoS attacks
- 65% increase in application layer attacks
- 04% increase in Infrastructure layer attacks
- 85% decrease in average duration
- 46% increase in average peak bandwidth
- 98% increase in average peak volume
For full details and analysis on this quarter’s statistics and emerging trends, download the Q2 2015 State of the Internet Security Report.