Вы находитесь на странице: 1из 2

akamais [state of the internet] /

Q1 2015 State of the Internet Security Report Statistics and Trends

Selected excerpts

DDoS attacks are on the rise, according to the Q1 2015 State Of The Internet - Security
Report, with Akamai reporting a record number of DDoS attacks recorded on the
PLXrouted network more than double the number reported in the first quarter of 2014.
However, the profile of the typical attack has changed, with attackers favoring relatively
low-bandwidth attacks (typically less than 10 Gbps) but long durations (typically more
than 24 hours). Despite this, the largest attack of Q1 measured nearly 170 Gbps a
significant increase from the largest attack of Q4 2014.

Total DDoS attacks rose by over 35 percent in Q1 2015 compared to the previous quarter,
with duration increasing 15 percent to more than 29 hours on average. Infrastructure
attacks rose by nearly 37 percent, while application layer attacks increased by 22 percent.
Average peak bandwidth and peak volume have slightly dropped, with peak bandwidth
slightly decreasing from 6.41 Gbps in Q4 to 5.95 Gbps and peak volume dropping from 2.31
Mpps to 2.21 Mpps. (However, this represents a substantial decline from the peak of Q1
2014, where average bandwidth and volume rested at 9.70 Gbps and a record-setting 19.8

The largest attack of Q1 2015 so far one of eight mega-attacks peaking at more than 100
Gbps measured nearly 170 Gbps of peak bandwidth. Of these eight attacks, all but one
contained a SYN flood, and all but one were targeted at the gaming industry (five indirectly,
by attacking networks that hosted gaming sites.)
Infrastructure-layer attacks continued to account for the lions share (91 percent) of DDoS
activity in the first quarter. The new infrastructure-layer vector of Simple Service
Discovery Protocol (SSDP) attacks, first observed in Q3 of 2014, continued to see increased
use. SSDP attacks represented more than 20 percent of all DDoS attacks observed in Q1
2015, passing SYN floods (the top vector of the previous quarter) which accounted for 16
percent of attacks. However, as the mega-attacks show, SYN floods play a major role in
larger attacks. The top application-layer vector was HTTP GET, coming in at 7 percent.

China again topped the list of source countries for DDoS attacks, making up roughly 23
percent of traffic in Q1 2015. Germany rose to take second place with 17 percent, with the
US falling to third at 12 percent.

Gaming remained the most-attacked industry this quarter, accounting for 35 percent of all

This quarter, Akamai also published analysis of web application firewall activity. Local File
Include (LFI )attacks accounted for the majority, at more than 66 percent of analyzed web
application attacks. This is primarily due to a massive, volumetric campaign against two
large retailers, in an attempt to discover an LFI vulnerability targeting a WordPress plugin.

akamais [state of the internet] /

In one week alone, we saw nearly 75 million LFI attacks nearly two-thirds of all such
attacks observed this quarter. Akamai also observed more than 52 million SQL injection
(SQLi) attacks, representing nearly 30 percent of web application attacks. A substantial
portion of these attacks were related to attack campaigns against two companies in the
service and hospitality industry, mostly originating from Ireland.

The retail and media/entertainment verticals were the subjected to the greatest number of
application-layer attacks. After a number of high-profile retail and media breaches in 2014
alerted malicious actors to these sectors weaknesses, many attackers began probing them
for vulnerability and exploitation. LFI and SQLi attacks most commonly targeted these
industries, with retail companies attracting the most SQLi attacks. Malicious File Upload
(MFU) attacks were third most commonly used and were directed at the hotel and travel
industry more than any other vertical. Remote File Include (RFI) attacks were fourth most
common, and most often targeted media/entertainment, high tech, and retail industries.
Get the full Q1 2015 State of the Internet Security Report with all the details

Each quarter Akamai produces a quarterly Internet security report. Download the Q1 2015
State of the Internet Security Report for:

Analysis of DDoS and web application attack trends

Bandwidth (Gbps) and volume (Mpps) statistics
Year-over-year and quarter-by-quarter analysis
Attack frequency, size, types and sources
Security implications of the transition to IPV6
Mitigating the risk of website defacement and domain hijacking
DDoS techniques that maximize bandwidth, including booter/stresser sites
Analysis of SQL injection attacks as a persistent and emerging threat

The more you know about cybersecurity, the better you can protect your network against
cybercrime. Download the free the Q1 2015 State of the Internet Security Report
at http://www.stateoftheinternet.com/security-reports today.

About stateoftheinternet.com
StateoftheInternet.com, brought to you by Akamai, serves as the home for content and
information intended to provide an informed view into online connectivity and
cybersecurity trends as well as related metrics, including Internet connection speeds,
broadband adoption, mobile usage, outages, and cyber-attacks and threats. Visitors
to www.stateoftheinternet.com can find current and archived versions of Akamais State of
the Internet (Connectivity and Security) reports, the companys data visualizations, and
other resources designed to help put context around the ever-changing Internet landscape.