India is vulnerable to web-application attack: Akamai report

The Internet of Things, or IoT, devices continue to be a large source of traffic for Distributed Denial of Service attacks, according to a report by Akamai Technologies


Akamai Technologies released its Fourth Quarter, 2016 State of the Internet / Security Report, which provides analysis of the current cloud security and threat landscape, as well as insight into seasonal trends. Photo: istock

New Delhi: India ranks 10th in the list of Global Web Application Attack Source Countries while it is fourth on the list of top target countries for web-application attacks, according to a new report by Akamai Technologies, Inc., a global player in content delivery network services.

The company released its Fourth Quarter, 2016 State of the Internet / Security Report, which provides analysis of the current cloud security and threat landscape, as well as insight into seasonal trends.

The US and the Netherlands were the first and second-leading sources of web-application attacks for the second consecutive quarter, with Germany being the third. In the Americas, the top three sources of web application attack traffic were the US, Brazil, and Canada, respectively. Within Europe, Middle East and Africa, the top sources were the Netherlands, Germany, and Russia, in that order.

In Asia-Pacific, the top sources were China, India, and Japan, respectively.

According to the report, Internet of Things (IoT) devices continued to be a large source of traffic for Distributed Denial of Service (DDoS) attacks. The rapid proliferation of these devices will provide an expanding pool of attack resources, fuelled by the discovery of new vulnerabilities and vulnerable systems.

DDoS is a type of attack where multiple compromised systems, which are often infected with a Trojan, are used to target a single system causing a Denial of Service (DoS) attack. Victims of a DDoS attack consist of both the end targeted system and all systems maliciously used and controlled by the hacker in the distributed attack.

“As vulnerable devices are added to IoT-based botnets, we will continue to see surges in botnet capabilities and DDoS attack size. With the predicted exponential proliferation of these devices, threat agents will have an expanding pool of resources to carry out attacks, validating the need for companies to increase their security investments. Additional emerging system vulnerabilities are expected before devices become more secure,” said the report.

Key findings

DDoS attacks greater than 300 Gbps have become more common. Seven of the 10 DDoS attacks greater than 300 Gbps ever tracked by Akamai occurred in 2016, including three in Q4.

Compared to Q4 2015, there has been a 140% increase in attacks greater than 100 Gbps. Of the 12 mega attacks in Q4 2016, software & technology organizations were targeted by two mega attacks, while gaming organizations were targeted by five mega attacks. Media & entertainment organizations were also targeted by five mega attacks — three of which reached or exceeded 300 Gbps. The top three source countries for DDoS attacks were the US (24%), the UK (10%), and Germany (7%).

In the past year, China dominated the top 10 list of source countries. In Q4 2016, China dropped to the fourth position overall, with 6% of traffic. Canada was 11th, a significant uptick from previous quarters. The average number of DDoS attacks remained steady this quarter at 30 per target, indicating that after the first attack, an organization has a high likelihood of experiencing another. Some organizations are under almost continuous attack: three to five attacks a day were launched at the most targeted organizations.

DDoS attacks

Attacks greater than 100 Gbps increased 140% year-over-year from Q4 2015

The largest DDoS attack in Q4 2016, which peaked at 517 Gbps, came from Spike, a non-IoT botnet that has been around for more than two years.

Seven of the 12 Q4 2016 mega attacks, those with traffic greater than 100 Gbps, can be directly attributed to the Mirai botnet.

The number of IP addresses involved in DDoS attacks grew significantly this quarter, despite DDoS attack totals dropping overall. The United States sourced the most IP addresses participating in DDoS attacks – more than 180,000.

Web-application attacks

• The United States remained the top source country for web application attacks, showing a 72% increase from Q3 2016.

• SQLi, LFI, and XSS web-application vectors accounted for 95% of observed web application attacks in Q4 2016, similar to Q3 2016.

• The number of web-application attacks in Q4 2016 was down 19% from Q4 2015; however, research into retail traffic over the United States Thanksgiving holiday week revealed an upward trend for four sub-verticals (apparel and footwear, consumer portals, consumer electronics and media and entertainment) that all suffered from significant web application attacks.

“If anything, our analysis of Q4 2016 proves the old axiom ‘expect the unexpected’ to be true for the world of web security. The industry should be prepared to see other botnet operators testing the limits of their attack engines, generating ever larger attacks,” the report concluded.
