2015 DDoS attacks on the rise, attackers shift tactics

News roundup: New research highlights the changing nature of DDoS attack frequency and methodology. Plus: New malware strains double in second half of 2014; two new address bar spoofing vulnerabilities.

Akamai Technologies, Inc. released its "Q1 State of the Internet Security" report Tuesday, in which researchers recorded a record number of distributed denial-of-service (DDoS) attacks on Akamai's PLXrouted network.

The total number of Q1 2015 DDoS attacks increased 116.5% over the number reported in Q1 2014 and 35.24% over Q4 2014.

In studying the attacks, researchers also concluded attack methods of choice have evolved over the past year. Attackers in 2014 opted for high-bandwidth, short-duration attacks, while in Q1 2015 the majority of DDoS attacks used less than 10 Gbps and persisted longer than 24 hours.

Akamai researchers also observed a shift in attack vectors, which is believed to be caused by the increase in Internet of Things devices; Simple Service Discovery Protocol (SSDP) attacks, which were not observed in Q1 or Q2 2014, accounted for nearly 21% of attack vectors. SSDP is enabled by default on many smart home and office devices, including routers and webcams. A report released in April by NSFOCUS also found SSDP attacks to be a growing attack vector.

Overall, Q1 2015 DDoS attacks saw a nearly 60% increase in application layer attacks and a nearly 125% increase in infrastructure layer attacks over Q1 2014, with the average attack lasting 24.83 hours versus 17.38 hours in Q1 2014.

Akamai also addressed the new security risks that will come with IPv6 adoption. While IPv6 DDoS attacks are "not yet a common occurrence," the press release reads, "there are indications that malicious actors have started testing and researching IPv6 DDoS attack methods."

In other news

  • A report released Monday by G Data Software AG found the number of new malware strains "increased enormously" in the second half of 2014, up to 4,150,068 from 1,848,617 in the first half of the year, an approximate 125% increase. The total number of malware strains appearing in 2014 reached nearly 6 million, 77% more than the total number found in 2013, equating to a new malware type discovered every 3.75 seconds. G Data researchers also found that while the number of U.S. banking customers targeted by hackers fell by 12% over the first half of 2014, the number of averted Trojan attacks rose by 44.5%. In addition, adware had the highest rate of growth among all malware categories, up to 31.4% from 14.1% in the first half of the year.
  • News broke about two separate address bar spoofing vulnerabilities in the Safari and Google Chrome for Android Web browsers. Deusen researchers found the Safari address spoofing vulnerability Sunday; the address bar says dailymail.co.uk, but the content is actually from deusen.co.uk. A malicious site could easily be substituted, researchers told The Register. Security researcher Manuel Pelaez wrote in a SANS Internet Storm Center blog post that "the code is very simple: webpage reloads every 10 milliseconds using the setInterval() function, just before the browser can get the real page and so the user sees the 'real' web address instead of the fake one."
  • Security researcher Rafay Baloch disclosed the Google Chrome for Android vulnerability to the public on Monday, months after reporting it to Google. Baloch collaborated with Rapid7 LLC researchers to develop a proof-of-concept exploit in which a hacker could host a Google phishing site, making it appear to be on google.com/csi; as soon as the victim enters their credentials, they are redirected to attacker.com. The Android security team reportedly released patches for Android KitKat and Lollipop; users are advised to contact their carriers to ensure the update has been installed. If the update is unavailable, users are urged to not use the Chrome browsers to perform authentication.
