Bringing Down The Internet …

One of my favourite talks at a recent Big Data in Cyber Security conference was presented by Dave Lewis of Akamai. Few companies know the Internet better than Akamai, and their State of the Internet publications give a heartbeat analysis of the current state of the Internet, and its associated risks. Here is the talk:

We were lucky enough to feature in an Akamai State of the Internet publication for our TFTP Reflection Attack [here], and Akamai’s reports are a must-read [here]. For DDoS, the report shows, between Q4 of 2016 and 2017:

  • A 14% increase in total DDoS attacks.
  • A 14% increase in infrastructure-layer (layers 3 & 4) attacks.
  • A 4% increase in reflection-based attacks.
  • A 22% increase in application-layer DDoS attacks.
  • A 115% increase in application-layer attacks.

The countries sourcing the most DDoS attacks have moved from the US and UK to Germany and China (which now source over half of attacks):

The US saw a 31% yearly increase in DDoS sourced attacks.

Overall, connection-less protocols such as UDP, DNS and NTP are still the top vectors for attacks, as they are difficult to block:

The targets for DDoS are often in industries that depend on a good quality of service for their operation. The top targets are the gaming industry, ISPs and the finance industry:

The financial industry saw a massive increase in DDoS attacks, with 298 DDoS attacks against 37 distinct organisations. The attacks, though, are generally moving up the stack, with Web applications the target:

  • 10% increase in total web application attacks.
  • 10% increase in SQLi Web application attacks.

So while the US was down in terms of DDoS, it was very much leading the way in Web application attacks, with the US, the Netherlands and China providing around half of all Web attacks:

And for targets, it seems that the US, Brazil and the UK are the most popular countries:

For credential abuse (the stealing of user passwords, and so on), it is the Retail and the Hotel and Travel sectors which have the most problems:

Overall, the Hotel and Travel sector had 82% of its login attempts from malicious botnets.

The survey also highlights the increasing amount of botnet traffic, such as for Web scraping. For this, the report again highlights that the Retail industry is most affected by bots:

The growth in botnet traffic continues, with over 146 Petabytes of traffic in a single month, which translates to a throughput of around 550 Mbps.

Conclusions

The report highlights the threats around IoT, and sees this as a potential threat to the Internet in 2018. If you think we have created a robust infrastructure for resilience, then think again. If you think it is ready for the expansion of IoT, then you definitely need to think again. We have an old and creaking infrastructure — based on old protocols — we need to start building a better version, otherwise it will collapse.