Distributed denial of service (DDoS) attacks rose by over 28% in the last quarter following three quarters of decline.
Egypt has replaced the United States at the largest source of DDoS attacks this year despite not being among the top 5 last year.
Distributed denial of service (DDoS) attacks have been known as among the most effective and most paralysing cyber-attacks that destroy communications and cause severe financial losses to organisations and businesses.
Last year, research by Imperva revealed that the UK was the second most targeted country in the world, bearing the brunt of nine per cent of all the detected DDoS attacks. Even though a majority of DDoS attacks targeted small and medium businesses, large businesses and organisations like the BBC, HSBC UK and the Irish National Lottery were taken down as well.
While it seemed that DDoS attacks were on the wane following three-quarters of decline, Akamai Technologies, Inc. has observed a 28% rise in DDoS attacks in the second quarter with targets being attacked an average of 32 times over the quarter.
Here are nine things which you didn’t know about DDoS attacks and which should serve as a reminder of the extent of the threat such attacks pose to your business:
1. 32% of DDoS attacks in the last quarter generated from IP addresses located in Egypt. The United States topped the list last year but continues to remain a major host to IP addresses that are used to generate DDoS attacks.
2. Even though the number of DDoS attacks is on the rise, fewer devices are now being used by hackers to launch such attacks. According to Akamai, the number of IP addresses used for launching such attacks has come down from 595,000 to just 11,000.
3. DDoS attacks aren’t one time exercises. Hackers are using such attacks multiple times on target businesses to wreak havoc and bring down servers. A gaming company was attacked 558 times or approximately six times a day on average.
4. Out of all web application attacks, hackers used SQLi attacks in more than half of all incidents. A total of 185 million SQLi attacks were detected in the second quarter.
5. Web application attacks rose by 28% year-over-year and by 5% over the first quarter.
6. The PBot DDoS malware is being used by hackers to launch the strongest of DDoS attacks. This malware uses decades-old PHP code and can launch as high as 75 gigabits per second attacks. It is capable of such scale despite using relatively small number of nodes.
7. Use of Domain Generation Algorithms (DGA) in malware Command and Control (C2) infrastructure is on the rise. The malware generates random domains on infested networks, thereby generating approximately 15 times the DNS lookup rate of a clean network.
8. Mirai Botnets are being used strategically by hackers to cripple businesses. Itself a victim of a Mirai Botnet attack, Akamai has noted that such attacks involve attacking IPs for a short duration, going inactive and then re-emerging to attack different targets.
9. As many as 50 potent DDoS attacks have been launched against technology companies, educational institutions and gaming companies by hackers using Connection-less Lightweight Directory Access Protocol (CLDAP) reflection. This attack vector targets Port 389 for which proper ingress filtering isn’t in place in many organisations, and it serves to amplify smaller attacks into big ones.
“Attackers are constantly probing for weaknesses in the defenses of enterprises, and the more common, the more effective a vulnerability is, the more energy and resources hackers will devote to it,” said senior security advocate at Akamai.
“Events like the Mirai botnet, the exploitation used by WannaCry and Petya, the continued rise of SQLi attacks and the re-emergence of PBot all illustrate how attackers will not only migrate to new tools but also return to old tools that have previously proven highly effective,” he added.