Akamai reveals 125 per cent jump in DDoS attacks

Records record level of 100Gbps+ attacks

Akamai has recorded a large year-on-year increase in distributed denial of service (DDoS) attacks, with its Q1 State of the Internet – Security report also revealing significant growth in 100Gbps+ DDoS attacks.

Akamai said it had witnessed a greater than 125 per cent year-on-year increase in DDoS attacks in Q1 across the CDN provider’s network. The number of DDoS attacks — more than 4500 — represented a 22 per cent increase on Q4 2015.

Nineteen 100Gbps+ DDoS attacks were recorded during the quarter, setting a new record. The previous largest number of “mega attacks” Akamai had recorded in a single quarter was 17 — a record set in Q3 2014.

Web application attacks grew by a quarter compared to Q4 2015, Akamai said. During Q1, Australia was the seventh most popular target for Web application attacks (the US topped the list at 60 per cent, compared to Australia’s 3 per cent).

Akamai tracks Web application attacks across nine categories: SQL injection, remote file inclusion, PHP injection, malicious file upload, command injection, local file inclusion, Java injection, cross-site scripting, and exploitation of the ‘Shellshock’ Bash vulnerability.

SQL injection and local file inclusion (where an attack gains unauthorised read access to local files on a web server), and cross-site scripting (XSS) accounted for 90 per cent of the attacks over HTTP (over HTTPS, local file inclusion, SQL injection and the Shellshock vulnerability were used in 89 per cent of attacks).