Are there botnet operators out there poised to soon test the limits of their attack engines as they look to one-up previous large strikes? That’s an unpleasant thought for many but a likely possibility, and a scenario referenced in a new study released on Tuesday by Akamai Technologies on current cloud security and the threat landscape.
“As we saw with the Mirai botnet attacks during the third quarter, unsecured Internet of Things (IoT) devices continued to drive significant DDoS attack traffic,” said Martin McKeay, Akamai senior security advocate and senior editor of the report. “With the predicted exponential proliferation of these devices, threat agents will have an expanding pool of resources to carry out attacks, validating the need for companies to increase their security investments. Additional emerging system vulnerabilities are expected before devices become more secure.”
The “Fourth Quarter, 2016 State of the Internet/Security Report” says that attacks greater than 100 Gbps increased 140 percent year-over-year from Q4 2015. It also points out that the largest DDoS attack in Q4 2016, which peaked at 517 Gbps, came from Spike, a non-IoT botnet that has been around for more than two years. Seven of the 12 Q4 2016 mega attacks, those with traffic greater than 100 Gbps, can be directly attributed to Mirai, according to the research.
In terms of IP addresses involved in DDoS attacks, the report shows that number grew significantly in the fourth quarter, despite DDoS attack totals dropping overall. “The United States sourced the most IP addresses participating in DDoS attacks – more than 180,000,” the research says.
Of the 25 DDoS attack vectors tracked in Q4 2016 by Akamai, the top three were UDP fragment (27 percent), DNS (21 percent), and NTP (15 percent), while overall DDoS attacks decreased by 16 percent.
“If anything, our analysis of Q4 2016 proves the old axiom ‘expect the unexpected’ to be true for the world of web security,” McKeay stresses. “For example, perhaps the attackers in control of Spike felt challenged by Mirai and wanted to be more competitive. If that’s the case, the industry should be prepared to see other botnet operators testing the limits of their attack engines, generating ever larger attacks.”
Information on obtaining a copy of the report is here.