The ever increasing exposure of businesses to online threats is a growing one as attackers employ a combination of more sophisticated attacks; greater resources for brute force attacks; and a combination of tactics.
Akamai's belief is that the more you know about cyber security threats, the better you can defend your enterprise.
These attackers are continually changing the game by switching tactics, seeking out new vulnerabilities and even bringing back old techniques that were considered outdated.
By analyzing the attacks observed over our Akamai networks and those of their clients, Akamai has been able to identify emerging threats and trends and provide the public with the information to harden their networks, websites and application and improve their cloud security profiles.
This has necessitated the inclusion of new attack probabilities and platforms for monitoring purposes. For example, for this report, Akamai has added two web application attack vectors to our analysis; examined the perceived threat posed by the onion router (Tor) traffic; and even uncovered some new vulnerabilities in third-party WordPress plugins
DDoS attack activity at a glance
- For the past three quarters, there has been a doubling in the number of DDoS attacks year over year
- The largest DDoS attack of Q2 2015 measured more than 240 gigabits per second (Gbps) and persisted for more than 13 hours.
- SYN and Simple Service Discovery Protocol (SSDP) were the most common DDoS attack vectors this quarter - each accounting for approximately 16% of DDoS attack traffic. The proliferation of unsecured home-based, Internet-connected devices using the Universal Plug and Play (UPnP) Protocol continues to make them attractive for use as SSDP reflectors. Practically unseen a year ago, SSDP attacks have been one of the top attack vectors for the past three quarters. SYN floods have continued to be one of the most common vectors in all volumetric attacks, dating back to the first edition of the security reports in Q3 2011.
- Online gaming has remained the most targeted industry since Q2 2014, consistently being targeted in about 35 percent of DDoS attacks. China has remained the top source of non-spoofed attack traffic for the past two quarters, and has been among the top three source countries since the very first report was issued in Q3 2011.
This quarter’s report, which provides analysis and insight into the global cloud security threat landscape, can be downloaded at www.stateoftheinternet.com/security-report.