20 February 2017

State of the Internet / Security Q4 2016

By Akamai 

The fourth quarter of 2016 was relatively quiet for web application attacks. The biggest sales season of the year usually signals a marked increase in the number of attacks for all customers - especially retailers. Many merchants breathed a sigh of relief at not being attacked during their most important shopping days.

That's not to say everyone got off without some stress. The days surrounding Thanksgiving, traditionally mark the start of the holiday shopping season in the U.S.. In our Spotlight on Thanksgiving Attacks, we describe an overall daily attack trend and how four retail sub-verticals were each hit by different types of attacks.

The Mirai botnet continued as one of the largest threats in the fourth quarter, but it is not the only Internet of Things (IoT)-based botnet. At least two other major IoT-based botnets are in use. They may be variants of Mirai or new, unrelated botnets. In any case, IoT continues to provide resources to fuel future DDoS attacks. In an analysis of scanning on ports 23 and 2323, we explain our conclusion that, although some timelines place the development of Mirai in early July 2016, our data indicates earlier reports - as early as May 13th.

Highlights include: 

Five botnets and the rise of 300+Gbps DDoS attacks 

Mirai malware's birthdate revealed by scanning data 

DDoS attacks per target 

New types of reflection DDoS attacks 

Retailers that were targeted by web attacks over Thanksgiving 

Top source countries by region for web attacks 

Our research team also published three new papers, taking a deep dive into mDNS reflection attacks, the Mirai botnet, and the Dark Web.

No comments: