Akamai Technologies published its 2015 State of the Internet Security report, which says DDoS attacks have more than doubled in the first quarter of 2015. The number of distributed denial-of-service (DDoS) attacks in first quarter of 2015 more than doubled the number of DDoS attacks in Q1 of 2014, according to Akamai Technologies’ Q1 2015 State of the Internet Security report.Eight mega attacks were launched against Akamai customers, with the largest measuring almost 170 Gbps. “The significant increase in potential peak attack traffic suggests attackers have been developing new ways to maximize impact,” Akamai said. “As more advanced, potent tools become available, unskilled adversaries could become capable of much more damaging assaults.” Furthermore, with the adoption of IPv6, attacks may create a larger and potentially more effective DDoS attack surface.Although there were mega-attacks, the attack mindset has changed with the average DDoS attack using less bandwidth but lasting 24 hours or more.The gaming industry was again hit with the largest share of attacks, as five of those mega attacks “listed as Internet & Telecom were actually targeting gaming sites hosted on the customer network.” All but one contained SYN floods. Gaming has been the most targeted industry since Q2 2014; the software and technology industry was next, followed by the Internet and telecom industry. Akamai noted, “Infrastructure attacks increased 125% year over year, making up 91% of total DDoS attacks.” DDoS attack vectors have changed as exploiting the Simple Service Discovery Protocol (SSDP) has become the top attack vector; SSDP attacks “represented the top overall infrastructure-based attack, bypassing SYN floods, which was the top attack vector in Q4 2014.”There’s no shortage of devices with the SSDP protocol as it “comes enabled on millions of home and office devices—including routers, media servers, web cams, smart TVs and printers—to allow them to discover each other on a network, establish communication and coordinate activities.” Akamai said, “Not only is this attack easy for malicious actors to execute, but the number of vulnerable reflectors does not appear to be diminishing.” Attackers are armed with a list of vulnerable devices and use them as reflectors to amplify a DDoS attack. Listed under the “attack spotlight” for Q1 2015, Akamai said, “attacks targeting an Akamai property were traced to a group of DDoS attack services found in the DDoS-for-hire market. These booter/stresser sites appear to make use of shared attack scripts found in underground forums. Booters evolved in the multi-player online game world, as DDoS attacks aimed at evicting, or booting, a player from a site. Malicious actors have made these attacks available for sale.”Last year, peak attack traffic from booter/stressor sties was about 10-20 Gbps. But now the attack sites are “more dangerous, capable of launching attacks in excess of 100 Gbps. With new reflection attack methods being added continually, such as SSDP, the potential damage from these is expected to continue increasing over time.”Web app attacksAkamai focused its analysis on seven common web application attack vectors: SQL injection (SQLi), local file inclusion (LFI), remote file inclusion (RFI), PHP injection (PHPi), command injection (CMDi), Java injection (JAVAi) abusing Object Graph Navigation Language (OGNL), and malicious file upload (MFU). Together they accounted for 178.85 million web app attacks.Among the application attacks Akamai analyzed for the Q1 2015 report, “163.62 million were sent over (unencrypted) http. This represented 91.48% of the application attacks.” There were 15.23 million attacks over HTTPS, with LFI being the top attack vector at 71.54%, followed by SQLi at 24.20%.Attacker source countries At 23.45%, China was again the top source country for DDoS attacks; Germany was responsible for 17.39% and the U.S. for 12.18%. “Combined, China, Germany and the U.S. accounted for more than 50% of attacking IPs in this quarter,” Akamai wrote.Yet when it comes to the top countries responsible for web app attacks, the U.S. was the top source country of attacking IPs at 52.42%, followed by China (11.39%), Brazil (6.09%) and India (5.33%).It might then come as no surprise that the U.S. was also the most targeted for web app attacks with a whopping 81.61% in Q1 2015.You can grab a copy of Akamai’s always interesting report here. Related content news Dow Jones watchlist of high-risk businesses, people found on unsecured database A Dow Jones watchlist of 2.4 million at-risk businesses, politicians, and individuals was left unprotected on public cloud server. By Ms. Smith Feb 28, 2019 4 mins Data Breach Hacking Security news Ransomware attacks hit Florida ISP, Australian cardiology group Ransomware attacks might be on the decline, but that doesn't mean we don't have new victims. A Florida ISP and an Australian cardiology group were hit recently. By Ms. Smith Feb 27, 2019 4 mins Ransomware Security news Bare-metal cloud servers vulnerable to Cloudborne flaw Researchers warn that firmware backdoors planted on bare-metal cloud servers could later be exploited to brick a different customer’s server, to steal their data, or for ransomware attacks. By Ms. Smith Feb 26, 2019 3 mins Cloud Computing Security news Meet the man-in-the-room attack: Hackers can invisibly eavesdrop on Bigscreen VR users Flaws in Bigscreen could allow 'invisible Peeping Tom' hackers to eavesdrop on Bigscreen VR users, to discreetly deliver malware payloads, to completely control victims' computers and even to start a worm infection spreading through VR By Ms. Smith Feb 21, 2019 4 mins Hacking Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe