Akamai Reports Global DDoS Attacks Surged 71 Percent During Q3 Thanks To Mirai Botnet

We recently witnessed a new and disturbing trend in cyber security: the widespread hacking of Internet-connected devices to initiate DDoS attacks on an unprecedented scale. That method made possible the Mirai botnet that targeted security expert Brian Krebs and his security blog with 620 gigabits per second of traffic, which at the time was a record. It is also what's causing a surge in DDoS attacks, as noted by content delivery network (CDN) Akamai.

The CDN made its findings known in a recent security report compiled with data gathered from its intelligence platform. In it, Akamai notes that the two largest DDoS attacks this past quarter both leveraged the Mirai botnet. DDoS attacks as a whole shot up 71 percent compared to the same quarter a year ago, and 8 percent sequentially.

"Every couple of years the industry faces what could be considered ‘harbinger attacks’, where the size and scope of a security event are radically different than what has come before. I believe the industry faced its latest ‘harbinger’ with the Mirai botnet," said Martin McKeay, senior security advocate and senior editor, State of the Internet/Security Report. "The Mirai botnet also made concrete the industry’s fear that Internet of Things (IoT) and other Internet connected devices could be used for both web application and DDoS attacks, illustrating the need for device manufacturers to place a greater emphasis on security."

There were 4,556 DDoS attacks in the third quarter. Out of those, 19 were considered mega attacks, which are those that peaked at more than 100 Gbps. That matches the high point in the first quarter of 2016, and going forward things are only going to get worse. With the source code for Mirai having been released in the wild, Akamai expects to see new and more capable variants emerge.

The CDN also notes that this is an avoidable outlook.

"Mirai is a botnet that would not exist if more networks practiced basic hygiene, such as blocking insecure protocols by default," Akamai says. "This is not new—we’ve seen similar network hygiene issues as the source of infection in the Brobot attacks of 2011 and 2012. The botnet spreads like a worm, using telnet and more than 60 default username and password combinations to scan the Internet for additional systems to infect."

Even though botnets leveraging today's crop of Internet of Things (IoT) devices are avoidable, it will take a concerted effort by both device makers and consumers to ensure that these gadgets are properly secured. Otherwise, expect more of the same going forward.