​Retail the number one target for Web application attacks

Retailers were targeted in 55 per cent of all surface attacks during Q3 of 2015 finds Akamai

Web application attacks plagued the retail industry during Q3 of 2015, according to a new report by Akamai.

The Q3 2015 State of the Internet Report found that 55 per cent of these attacks were directed at retailers followed by financial services (14.7 per cent), media & entertainment (7.99 per cent) and the public sector (7.24 per cent).

"Retailers are targeted for DDoS attacks, but they are also targeted for web application layer attacks for significant reasons," states the report.

"Retailers have large amounts of valuable information in their databases, and if an adversary is able to find an SQL injection vulnerability, the attacker can access the retailer’s information. Retailers also have a large number of visitors to their websites. As a result, attackers will find and exploit cross-site scripting vulnerabilities to deface retailers’ websites, causing a loss of trust among customers," the report said.

The report noted that attackers can potentially use a compromised site for a `watering hole' attack, loading malware on visitors’ computers.

Retailers may also be a target for unvalidated requests. For example, if an attacker can control the price of the item being purchased, items may be sold for an amount much different than the retailer intended, the report said.

DDoS attacks

Once again, the online gaming industry was hit hardest by distributed denial of service (DDoS) attacks during the quarter with 50 per cent of attacks directed at the industry.

Software and technology suffered 25 per cent of all DDoS attacks during the quarter. According to Akamai, online gaming has been the most targeted industry for more than a year.

For example, the Q1 2015 State of the Internet Security Report found that gaming companies were targeted in 35 per cent of DDoS attacks during the period while the software and technology sector was targeted in 25 per cent of all attacks during Q1 2015.

The latest report found there was a 180 per cent increase in the number of DDoS attacks compare to Q3 of 2014.

Although there were more attacks, on average the attacks were shorter with lower average peak bandwidth and volume. Mega attacks – defined as 100 Gigabits per second (Gbps) were fewer: eight were recorded in Q3 of 2015 compared to 12 in Q2 and 17 in Q3 of 2014.

The largest bandwidth DDoS attack in Q3 – leveraging the XOR DDoS botnet – measured 149 Gbps. This was down from the peak 250 Gbps DDoS attack last quarter. Of the eight mega attacks, the media and entertainment sector was targeted most frequently, with three attacks. For example, one media and entertainment firm was hit by a 222 million packets per second (Mpps) DDoS attack

According to Akamai, an attack of this size could bring down a tier 1 router, such as those used by ISPs.

“Reflection-based DDoS attacks are proving more popular than infection-based DDoS. Instead of spending time and effort to build and maintain DDoS botnets as they did in the past, more DDoS attackers have been exploiting the existing landscape of exposed network devices and unsecured service protocols,” read the report.

“Whereas reflection DDoS attacks accounted for only 5.9 per cent of all DDoS traffic in Q3 2014, these attack vectors accounted for 33.19 per cent of DDoS traffic in Q3 2015.”

Akamai cloud security business unit vice president John Summers said the vendor has noticed greater numbers of DDoS attacks every quarter.

“Attacks are being fueled by the easy availability of DDoS-for-hire sites that identify and abuse exposed Internet services, such as SSDP, NTP, DNS, CHARGEN, and even Quote of the Day,” he said.

During Q3, the top five source countries for DDoS attack traffic were the United Kingdom (25.6 per cent), China (20.7 per cent), the United States (17 per cent), Spain (6.9 per cent) and India (6.93 per cent).