Most Recent Security Report
Akamai Technologies, Inc. For the past three quarters, there has been a doubling in the number of DDoS attacks year over year.
And while attackers favored less powerful but longer duration attacks this quarter, the number of dangerous mega attacks continues to increase. In Q2 , there were 12 attacks peaking at more than Gigabits per second Gbps and five attacks peaking at more than 50 Million packets per second Mpps.
Very few organizations have the capacity to withstand such attacks on their own. The largest DDoS attack of Q2 measured more than gigabits per second Gbps and persisted for more than 13 hours.
Peak bandwidth is typically constrained to a one to two hour window. Q2 also saw one of the highest packet rate attacks ever recorded across the Prolexic Routed network, which peaked at Mpps. That attack volume is capable of taking out tier 1 routers, such as those used by Internet service providers ISPs.
Average peak attack bandwidth and volume increased slightly in Q2 compared to Q1 , but remained significantly lower than the peak averages observed in Q2 Practically unseen a year ago, SSDP attacks have been one of the top attack vectors for the past three quarters.
SYN floods have continued to be one of the most common vectors in all volumetric attacks, dating back to the first edition of the security reports in Q3 Online gaming has remained the most targeted industry since Q2 , consistently being targeted in about 35 percent of DDoS attacks. China has remained the top source of non-spoofed attack traffic for the past two quarters, and has been among the top three source countries since the very first report was issued in Q3 Akamai first began reporting web application attack statistics in Q1 This quarter, two additional attacks vectors were analyzed: Shellshock and cross-site scripting XSS.
In contrast, local file inclusion LFI attacks dropped significantly this quarter. WordPress, the world's most popular website and blogging platform, is an attractive target for attackers who aim to exploit hundreds of known vulnerabilities to build botnets, spread malware and launch DDoS campaigns. Third-party plugins go through very little, if any, code vetting.
To better understand the threatscape, Akamai tested more than 1, of the most popular plugins and themes.
As a result, 25 individual plugins and themes that had at least one new vulnerability were identified. In some cases, the plugin or theme had multiple vulnerabilities - totaling 49 potential exploits. A full listing of the newly discovered vulnerabilities is included in the report, along with recommendations to harden WordPress installs.
The Onion Router TOR project ensures the entry node to a network does not match the exit node, providing a cloak of anonymity for its users. While Tor has many legitimate uses, its anonymity makes it an attractive option for malicious actors. In order to assess the risks involved with allowing Tor traffic to websites, Akamai analyzed web traffic across the Kona security customer base during a seven-day period.
Most Recent Connectivity Report
However, 1 out of requests out of Tor exit nodes were malicious. In contrast, only 1 out 11, requests out of non-Tor IPs was malicious. That said, blocking Tor traffic could have a negative business affect. Visitors to stateoftheinternet.
The company's advanced web performance, mobile performance, cloud security and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise and entertainment experiences for any device, anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit www.
At a glance Compared to Q2 As in Q1 , the financial services and retail industries were attacked most frequently. The threat of third-party WordPress plugins and themes WordPress, the world's most popular website and blogging platform, is an attractive target for attackers who aim to exploit hundreds of known vulnerabilities to build botnets, spread malware and launch DDoS campaigns.
The pros and cons of Tor The Onion Router TOR project ensures the entry node to a network does not match the exit node, providing a cloak of anonymity for its users.
DDoS and web application attacks - Akamai State of the Internet Security Report Q4 2016
About stateoftheinternet. Previous: Integra to Acquire opticAccess.