Analyzing the latest wave of mega attacks

[frogboy]

A new report, using data gathered from the Akamai Intelligent Platform, provides analysis of the current cloud security and threat landscape, including insight into two record‑setting DDoS attacks caused by the Mirai botnet.

DDoS attacks

• The two largest DDoS attacks this quarter, both leveraging the Mirai botnet, were the biggest observed by Akamai to-date – recorded at 623 Gbps and 555 Gbps.
• Compared to Q3 2015, total DDoS attacks increased 71 percent in Q3 2016.
• During the third quarter, Akamai mitigated a total of 4,556 DDoS attacks, an eight percent decrease from Q2.
• There were 19 mega attacks mitigated in Q3 that peaked at more than 100 Gbps, matching the Q1 2016 highpoint.
• Q3 2016 showed that NTP reflection attacks are apparently becoming a less viable option for attackers. The average size of an attack relying solely on NTP reflection is approximately 700 Mbps, a significant drop from the June 2014 average of more than 40 Gbps.

“Every couple of years the industry faces what could be considered ‘harbinger attacks’, where the size and scope of a security event are radically different than what has come before. I believe the industry faced its latest ‘harbinger’ with the Mirai botnet,” explained Martin McKeay, senior security advocate and senior editor, State of the Internet/Security Report. “The Mirai botnet also made concrete the industry’s fear that Internet of Things (IoT) and other Internet connected devices could be used for both web application and DDoS attacks, illustrating the need for device manufacturers to place a greater emphasis on security.”

Web application attacks

• Q3 2016 showed an 18 percent decrease in total web application attacks from Q3 2015.
• In Q3 2016, web application attacks sourced from the United States decreased by 67 percent from Q3 2015.
• Brazil, the top country of origin for all web application attacks in Q2 2016, experienced a 79 percent decrease in attacks this quarter. The United States (20 percent) and Netherlands (18 percent) were the countries with the most web application attacks.
• Web application attack metrics measured around major sporting events suggest malicious actors may take time off to watch their favorite teams. For example, on the day that France played Portugal in the European soccer championship, there was a 95 percent decrease in attacks sourcing from Portugal (20 attacks) as opposed to a day one month later (392 attacks). On the same day in France, there were 50,597 attacks as compared to 158,003 one month later – a 68 percent difference.

Spotlight on attack vectors

• UDP fragments and DNS reflection attacks were the two most common vectors in Q3, accounting for 44 percent of all vectors – an increase of 4.5 percent from Q2.

Full Article. Analyzing the latest wave of mega attacks - Help Net Security

• 
  
  

 

[tim one]

Mirai Botnet is the next generation attack and unfortunately it will be just the beginning: disturbing, I believe it is the appropriate word.

 

[Wave]

What can I say? At least these mega attacks are in Waves, and since I'm a Wave I think the companies should hire me as a defense mechanism.

 

[tim one]

What can I say? At least these mega attacks are in Waves, and since I'm a Wave I think the companies should hire me as a defense mechanism.

LOL.. waiting for that!

 

[frogboy]

What can I say? At least these mega attacks are in Waves, and since I'm a Wave I think the companies should hire me as a defense mechanism.

Sounds like a good plan.

 

[ForgottenSeer 55474]

I think it is very scary than "they" can take down 20% of U.S. internet,only for some hours I know but anyway.
What would happen to a little country like denmark,lights out!

 

[In2an3_PpG]

I think it is very scary than "they" can take down 20% of U.S. internet,only for some hours I know but anyway.
What would happen to a little country like denmark,lights out!

There was an attack recently that took Liberia out. So yeah, Denmark would probably be no problem if they wanted but anyway the September 20th and 22nd attacks are crazy in size. OVH got hit with the first 1Tbps attack just after that chart ended.

 

[Wave]

I think it is very scary than "they" can take down 20% of U.S. internet,only for some hours I know but anyway.
What would happen to a little country like denmark,lights out!

What would happen? They would be wasting parts of their life on useless things, such as taking down 20% of the U.S. internet. What would they actually gain by doing this? Unless someone was paying the people to do it, then they are gaining money, but they'd still be wasting time as the time they took to do this they could have been doing something else which is better.

Sometimes I really don't understand some people who are hackers... So let's use malware as an example, rootkits specifically. Some rootkits use some very powerful techniques for concealment/protection, sometimes even better than what AV vendors do for their products (of course with AV products they need to remember not to cross the "unethical" line, such as bypassing KPP to hook in kernel-mode to make even more powerful self-protection), involving a whole number of things... Extensive knowledge on the Windows Internals (e.g. NTAPI, Win32 API), injection (manual mapping for both x86 and x64), experience with device driver development (e.g. kernel-mode callbacks)... They could try and get a job at a real security company and most likely make around near £100k-200k per year... Instead of going against the law and taking risk for doing bad things which affect people and cause expensive damages.

 

[jamescv7]

With those numbers in the statistics; security industry and other organization should implement stronger measures against painful DDOS attacks.

Now for sure, intruders are happy to see that wave attacks could not prevent even tough ones.

 

[Myriad]

Has anybody seen this , from Norsecorp ?

It claims to show a real-time analysis of current global cyber-attacks as an animated world map .

It never occurred to me to look at it on the days of the massive Mirai botnet attacks.
Did anyone else check it on those particular days ?

I'm not sure that I believe it , but it's interesting to watch ( for a while anyhow ) .

 

[frogboy]

Has anybody seen this , from Norsecorp ?

It claims to show a real-time analysis of current global cyber attacks as an animated world map .

It never occurred to me to look at it on the days of the massive Mirai botnet attacks.
I'm not sure that I believe it , but it's interesting to watch ( for a while anyhow ) .

Yes it rather scary to watch in real time.

 

[askmark]

Has anybody seen this , from Norsecorp ?

It claims to show a real-time analysis of current global cyber-attacks as an animated world map .

It never occurred to me to look at it on the days of the massive Mirai botnet attacks.
Did anyone else check it ?

I'm not sure that I believe it , but it's interesting to watch ( for a while anyhow ) .

Not sure what I'm looking at but it sure looks cool