Mega DDoS attacks on the increase, warns Akamai
The number of DDoS attacks hasn't risen - but their size and severity have
Akamai, the content delivery company responsible for as much as 30 per cent of all web traffic, has warned that the number of distributed denial of service (DDoS) "mega attacks" is on the increase.
In its latest State of the Internet report, it claims that while the overall number of DDoS attacks hasn't increased during 2016, the size and severity of the attacks have - aided by the number of insecure Internet of Things (IoT) devices being connected to the internet, which have subsequently been compromised and used in DDoS attacks.
Akamai suggests that the number of DDoS attacks in excess of 100 gigabits per second (Gbps) increased from 12 in the second quarter to 19 in the third quarter, while in the third quarter of last year there were only eight.
The attack on security journalist Brian Krebs' website was, according to Akamai, the largest attack it has been involved in mitigating. Akamai had been providing services to Krebs pro bono via its Prolexic network service and recorded an attack of 623 Gbps in September 2016.
"While we were able to keep his site functioning, this and the attacks that followed it caused the company to re-evaluate the resources being spent on a site we were protecting for free," the company claimed in its report.
When Akamai withdrew, Google's Jigsaw unit stepped in to help deflect the attack with its Project Shield service.
The report continued: "These attacks were remarkable not only for their size, but also for the source and nature of the traffic they used. Since June, we had been researching a strain of malware we called Kaiten, which targets home routers and IoT devices.
"The malware has now been released to the world at large, under the name Mirai, and targets more than 60 default user name and password combinations.
"When used in the attacks on Krebs on Security, the tool used ‘gre’, ‘syn’, and ‘ack’ floods at the network level, along with ‘push’ and ‘get’ floods at the application layer. None of these vectors are hard to mitigate individually, but any type of traffic becomes problematic where you receive it at 623 Gbps."
While application-layer DDoS attacks can have a major impact, they remain comparatively rare, according to Akamai. The company conjectures that this is because of the level of technical knowledge required to pull them off, compared with infrastructure-layer attacks, which can be launched with simple point-and-click tools.
Above: Most frequent DDoS attack vectors by quarter over the past year, according to Akamai