Slideshow: Q2 2015 Onion Router Threat Analysis from StateoftheInternet.com

1
Q2 2015
2
malicious activity key trends

• In both Q1 and Q2 of 2015, the number of DDoS
  attacks recorded hit a new record
• For the last three quarters, year-over-year
  DDoS activity has doubled
• Since Q2 of 2014, the profile of the typical
  attack has shifted from high-bandwidth,
  short-duration attacks to less powerful, longer
  duration attacks
• Mega attacks are getting larger and more
  frequent
• The largest attack measured 249 Gbps
• Five attacks in Q2 2015 peaked at over 50 Mpps
• SYN and Simple Service Discovery Protocol
  (SSDP) were the most common attack vectors
• Though infrastructure attacks are most common,
  application layer DDoS attacks continue to grow
  rapidly

2 / The State of the Internet / Security (Q1
2015)
3
major DDoS statistical trends

• Dramatic increase in DDoS attack frequency
• Compared to Q2 2014, a 132 increase in total
  DDoS attacks
• Longer, less powerful attacks persist
• Average peak volume of attacks decreased by 77
  percent compared to Q2 2014
• Average peak bandwidth decreased 11
• Average attack duration increased 19
• Mega attacks double year-over-year
• Q2 2014 saw 6 attacks exceeding 100 Gbps
• 12 attacks in Q2 2015 exceeded 100 Gbps

3 / The State of the Internet / Security (Q1
2015)
4
DDoS attack makeup

• Infrastructure-layer attacks dominated DDoS
  methodologies, accounting for 90 of all recorded
  attacks
• SYN floods were the most common attack vector,
  at 16 of all DDoS Attacks
• SYN floods played a significant role in mega
  attacks
• Largely due to the rise of SSDP attacks, the
  percentage of SYN floods has declined since Q2
  2014, when it was 26
• SSDP attacks were just under 16 of total DDoS
  attacks
• Slight decline from Q1 2015, when SSDP attacks
  were 21 of total
• SSDP attacks are more difficult to mitigate
  because they often use unsecured, home-based
  Internet devices
• Most-common application-layer attack was HTTP
  GET , accounting for 7.5 of DDoS activity,
  consistent with Q1 2015 and Q4 2014 observations

4 / The State of the Internet / Security (Q1
2015)
5
mega attacks in Q2 2015

• In Q2 2015, 12 DDoS attacks registered more
  than 100 Gbps
• The largest attack measured 249 Gbps, a
  significant increase from the largest (170 Gbps)
  attack of Q1 2015
• Gaming sites were the primary target of the
  attacks
• Two of 12 mega attacks target gaming sites
  directly
• The 10 attacks recorded against Internet and
  telecom were actually targeting gaming sites
  hosted on the customer network
• 50 Mpps attacks threatened significant damage
  in Q2
• Attacks of this volume can exhaust ternary
  content addressable memory (TCAM) resources and
  take out tier 1 routers, such as those used by
  Internet service providers (ISPs)
• A 214 Mpps attack on June 12 was one of the
  three largest DDoS attacks ever recorded across
  the Prolexic Routed network
• Attack was based on a UDP flood with 1-byte
  packets
• Generated 70 Gbps of attack traffic

7 / The State of the Internet / Security (Q1
2015)
6
mega attacks in Q2 2015 gt100 Gbps
7
targeted industries

• Gaming has been the most targeted industry since
  Q2 2014
• Online gaming networks suffered 35 of DDoS
  attacks, as in Q1 2015
• Software and Technology, including
  Software-as-a-Service and cloud-based
  technologies, was the second most common target
• Suffered 28 of attacks, a slight increase of 2
  from Q1 2015
• Internet and Telecoms suffered 13
• Slight decrease of 1 from last quarter
• Media and Entertainment surpassed Financial
  Services
• Attacks on media and entertainment businesses
  increased by 2 percent.

5 / The State of the Internet / Security (Q1
2015)
8
source countries

• China remained the leading source of
  non-spoofed DDoS attack traffic
• Accounted for 37 of DDoS traffic, up from 23
  last quarter
• US rose to second place
• 18 of recorded DDoS traffic originated from the
  US
• A shift from Q2 2014, when the US was the number
  one source at 20
• UK was the third most common source country
• Accounted 10 of DDoS traffic
• In Q2 2014, the UK was not in the top 10
• Decreases in percentages do not represent a
  drop in DDoS traffic from these countries
• DDoS traffic sources have increasingly
  diversified other countries are producing more
  DDoS traffic, rather than the US producing less

6 / The State of the Internet / Security (Q1
2015)
9
Q1 2015 State of the Internet Security Report

• Download the Q2 2015 State of the Internet
  Security Report
• The Q2 2015 report covers
• Analysis of DDoS web application attack trends
• Bandwidth (Gbps) and volume (Mpps) statistics
• Year-over-year and quarter-by-quarter analysis
• Attack frequency, size, types and sources
• Multi-vector mega attacks leveraging UPD and SYN
  floods
• Dangers of third-party WordPress plugins and
  themes
• Analysis of the Onion Router (Tor) project risks
• Threat advisories issued in Q2 2015, including
  OurMine Team and RIPv1

9 / The State of the Internet / Security (Q1
2015)
10
about stateoftheinternet.com

• StateoftheInternet.com, brought to you by Akamai,
  
• serves as the home for content and information
  intended to provide an informed view into online
  connectivity and cybersecurity trends as well as
  related metrics, including Internet connection
  speeds, broadband adoption, mobile usage,
  outages, and cyber-attacks and threats.
• Visitors to www.stateoftheinternet.com can find
  current and archived versions of Akamais State
  of the Internet (Connectivity and Security)
  reports, the companys data visualizations, and
  other resources designed to put context around
  the ever-changing Internet landscape.

10 / The State of the Internet / Security (Q1
2015)