Distributed denial of service (DDoS) attacks greater than 100Gbps increased by 140% year-on-year in the last three months of 2016, according to Akamai’s Q4 State of the Internet/Security Report, with most of them caused by the Mirai internet of things (IoT) botnet.
Akamai, a specialist in content delivery network (CDN) services, releases frequent updates on the state of the internet based on data collected from its own platform.
Its latest report found that while the largest DDoS attack at the tail-end of 2016, which peaked at 517Gbps, came from the two-year-old Spike botnet, seven out of 12 of the biggest attacks over the same period were down to Mirai.
“As we saw with the Mirai botnet attacks during the third quarter, unsecured IoT devices continued to drive significant DDoS attack traffic,” said Martin McKeay, senior security advocate and senior editor of the report.
“With the predicted exponential proliferation of these devices, threat agents will have an expanding pool of resources to carry out attacks, validating the need for companies to increase their security investments. Additional emerging system vulnerabilities are expected before devices become more secure.”
The Mirai botnet first came to widespread public attention when its code base was released in October 2016. Almost immediately, it was used in a major attack on domain name system (DNS) provider Dyn, taking a number of popular websites offline across the world.
Subsequently, security experts have predicted that the ever-growing number of vulnerable IoT sensors and devices – which are much easier to co-opt into botnets – means that the industry can expect to see at least 12 DDoS attacks reaching a terabit in size this year.
Reflecting this trend for cyber criminals to target the IoT, Akamai found that the number of IP addresses involved in DDoS attacks had grown significantly towards the end of last year, with the US the source of the highest number of participating IP addresses.
The US also remained the top source country for web application attacks, up 72% on the third quarter, with SQL injection, LFI and XSS web application vectors accounting for 95% of observed web application attacks in Q4, although this number was down 19% year-on-year.
Out of 25 DDoS attack vectors tracked by Akamai during the quarter, the largest were UDP fragment (27%), DNS (21%) and NTP (15%), while overall, DDoS attacks were down 16%.
“If anything, our analysis of Q4 2016 proves the old axiom ‘expect the unexpected’ to be true for the world of web security,” said McKeay.
“For example, perhaps the attackers in control of Spike felt challenged by Mirai and wanted to be more competitive. If that is the case, the industry should be prepared to see other botnet operators testing the limits of their attack engines, generating ever-larger attacks.”