In ihrem aktuellen “Global DDoS Attack Report” analysiert Prolexic, eine Tochtergesellschaft von Akamai und einer der weltweit größten Anbieter von Lösungen zur Abwehr von DDoS-Angriffen, die IT-Sicherheitslage im ersten Quartal 2014. Der Report bietet eine ausführliche Analyse und umfangreiche Einblicke in die weltweite DDoS-Bedrohungslandschaft. Durch die Verfügbarkeit neuer DDoS-Toolkits wurde es in der letzten Zeit einfacher als je zuvor, massive DDoS-Angriffe auszuführen. So hat vor allem die Zahl der NTP-Amplification-Attacken, aber auch die über das Character-Generator (CHARGEN)-Protokoll durchgeführten Attacken deutlich zugenommen. In ersten Quartal 2013 war davon kaum etwas zu sehen, im ersten Quartal 2014 entfielen bereits 23 Prozent aller Attacken auf CHARGEN und NTP.
Die Highlights aus dem aktuellen Prolexic Global DDoS Attack Report im Vergleich zu Q1 2013:
- Ein Anstieg um 133 Prozent bei der durchschnittlichen Spitzenbandbreite, mit der die Attacken ausgeführt wurden
- Ein Anstieg um 68 Prozent bei den Infrastruktur-Attacken auf Layer 3 und 4
- Ein Anstieg um 47 Prozent bei der Gesamtzahl der DDoS-Attacken.
Der vollständige Report steht zum Download bereit unter www.prolexic.com/attackreports.
Der Text der vollständigen Pressemitteilung in englischer Sprache:
Akamai Publishes Prolexic Q1 2014 Global DDoS Attack Report Attackers chose reflection versus infection techniques to achieve larger DDoS attacks
114 percent increase in average peak bandwidth of DDoS attacks in Q1 vs. Q4 2013
The Media and Entertainment industry was the target of the majority of malicious attacks
Akamai Technologies, Inc. (NASDAQ: AKAM), a leading provider of cloud services for delivering, optimizing and securing online content and business applications, today announced availability of the Prolexic Q1 2014 Global DDoS Attack Report. Prolexic Technologies, now part of Akamai, is a recognized leader in Distributed Denial of Service (DDoS) protection services, and has produced the quarterly Global DDoS Attack Report since 2011. The report, which provides analysis and insight into the global DDoS threat landscape, can be downloaded at www.prolexic.com/attackreports.
“In Q1, DDoS attackers relied less upon traditional botnet infection in favor of reflection and amplification techniques, a trend Prolexic has been seeing for some time,” said Stuart Scholly, senior vice president and general manager of Security at Akamai Technologies. “Instead of using a network of zombie computers, the newer DDoS toolkits abuse Internet protocols that are available on open or vulnerable servers and devices. We believe this approach can lead to the Internet becoming a ready-to-use botnet for malicious actors.”
Prolexic has observed the most abused protocols to be Character Generator (CHARGEN), Network Time Protocol (NTP) and Domain Name System (DNS). These protocols, which are all based on the User Datagram Protocol (UDP), may be favored as they allow attackers to hide their identity. In addition, amplification-based attacks can deliver a massive flood of data at the target while requiring only a relatively small output from the source.
New reflection and amplification attack tools can deliver a powerful punch. Q1 saw a 39 percent increase in average bandwidth and the largest-ever DDoS attack to cross the Prolexic DDoS mitigation network. This attack involved multiple reflection techniques combined with a traditional botnet-based application attack to generate peak traffic of more than 200 Gbps (gigabits per second) and 53.5 Mpps (million packets per second).
This quarter saw more than half of the DDoS attack traffic aimed at the Media and Entertainment industry. This one industry was targeted by 54 percent of the malicious packets mitigated by Prolexic during active DDoS attacks in Q1.
Highlights from Prolexic’s Q4 2014 Global DDoS Attack Report:
Compared to Q1 2013
– 47 percent increase in total DDoS attacks
– 9 percent decrease in average attack bandwidth
– 68 percent increase in infrastructure (Layer 3 & 4) attacks
– 21 percent decrease in application (Layer 7) attacks
– 50 percent decrease in average attack duration: 35 vs. 17 hours
– 133 percent increase in average peak bandwidth
Compared to Q4 2013
– 18 percent increase in total DDoS attacks
– 39 percent increase in average attack bandwidth
– 35 percent increase in infrastructure (Layer 3 & 4) attacks
– 36 percent decrease in application (Layer 7) attacks
– 24 percent decrease in average attack duration: 23 vs. 17 hours
– 114 percent increase in average peak bandwidth
Analysis and emerging trends
Innovation in the DDoS marketplace has given rise to tools that can create greater damage with fewer resources. Q1’s high-volume, infrastructure-based attacks were made possible by the availability of easy-to-use DDoS tools from the DDoS-as-a-service marketplace. These tools are designed by malicious hackers to deliver greater power and convenience into the hands of less skillful attackers.
For example, in Q1, NTP reflection attacks surged, likely due to the availability of easy-to-use DDoS attack tools that support this reflection technique. The NTP flood method went from accounting for less than 1 percent of all attacks in the prior quarter to reaching nearly the same popularity as SYN flood attacks, a perennial favorite among DDoS attackers. Neither CHARGEN nor NTP attack vectors were detected in Q1 2013 but accounted for 23 percent of all infrastructure attacks mitigated by Prolexic in Q1 2014.
These DDoS trends are discussed in detail in Prolexic’s Q1 2014 Global DDoS Attack Report. A complimentary copy is available as a free PDF download at www.prolexic.com/attackreports.
Akamai and Prolexic DDoS attack reports to be merged
Akamai announced the acquisition of Prolexic in December 2013. Prolexic’s Global DDoS Attack Report and Akamai’s State of the Internet Report both cover DDoS attacks and related trends and statistics. In the coming quarters, we will be working to consolidate these publications with the goal of publishing a combined report that delivers an unparalleled level of insight into the Internet threat landscape. Follow @akamai_soti on Twitter for more information.
Prolexic, now part of Akamai, offers DDoS protection solutions that leverage proprietary DDoS filtering techniques and one of the world’s largest cloud-based DDoS mitigation network. Akamai completed the acquisition of Prolexic in February 2014. Together with Prolexic, Akamai is providing customers with a comprehensive portfolio of security solutions designed to defend an enterprise’s Web and IP infrastructure against application-layer, network-layer and data center attacks delivered via the Internet. To learn more about how Prolexic solutions stop DDoS attacks and protect business, please visit www.prolexic.com, or follow Prolexic on LinkedIn, Facebook, Google+, YouTube, and @Prolexic on Twitter.