The latest report from Akamai has revealed an increase in DDoS attacks and a resurgence of botnets to carry out server-based attacks.
The Q2 2014 Global DDoS Attack Report from Prolexic Technologies, now part of Akamai, revealed that DDoS activity has increased by 22 percent, putting it close to the record-breaking levels set in the year’s first quarter.
A 72 percent increase in the average bandwidth of attacks means DDoS activity has become stronger and more capable of overwhelming targets with data packets.
Prolexic revealed that DDoS activity was mostly fuelled by reflection-based attacks that abuse common web protocols, and server-side botnets that exploit web vulnerabilities in Windows, Linux and content-management systems.
Jay Coley, senior director of Line Services at Akamai, put the increase in botnets down to the current political climate and the ease with which vulnerabilities in traditional internet services, such as the Network Time Protocol and Domain Name System, can be exploited.
“Attackers are able to use these services to ‘reflect’ attacks and increase the strength of traditional botnets by 100 to 400 percent,” he explained.
“These tools also add a layer of obscurity to the botnets as they are never actually touching the targets directly, but ‘reflecting’ and increasing their attacks using these exploits.”
Nearly half of the DDoS attacks were aimed at IT infrastructure rather than websites or applications. Vendors of cloud services such as Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) were identified as common targets.
The researchers warned that such attacks could exhaust incoming network bandwidth and essentially cripple entire data centres.
Stuart Scholly, senior vice president of security at Akamai Technologies, said that behind these powerful attacks are evolving tactics to build, conceal and deploy dangerous botnets.
“Server-side botnets are preying on web vulnerabilities, and reflection and amplification tactics are allowing attackers to do more with less,” explained Scholly.
While Akamai said that server-side botnets have only been observed in the most sophisticated and orchestrated DDoS attacks, high-volume infrastructure attacks bear the hallmarks of being specifically tailored to avoid DDoS mitigation technology.
Given the rise of cloud computing and adoption of service-based IT infrastructure, Akamai believes that the effectiveness of such DDoS attacks poses a significant threat to businesses and even government organisations.
Worryingly, the itsoknoproblembro (Brobot) botnet – once thought to be extinct – is still causing problems. Server infection attacks in the second quarter indicated that the botnet was still in place and being stealthily maintained.
Brobot’s revival could be troubling for financial organisations given how the infamous Operation Ababil, executed between 2012 and 2013, saw companies such as JPMorgan and the New York Stock Exchange targeted by powerful DDoS attacks.
Cyber attacks are a common occurrence despite growing concerns and awareness over cyber security. In April, Verizon revealed that analysis of 10 years’ worth of data found that 92 percent of all security incidents recorded were from nine basic cyber attacks.
Recently, V3 reported that cyber attacks cost UK businesses a massive £1.5m per data breach, according to research from PwC and BIS. PwC said this highlighted a need for companies to invest more in IT defences and train employees to follow cyber-security best practices.