Akamai: DDoS Attacks Getting Harder To Detect


Distributed denial-of-service attacks are steadily rising, targeting enterprise applications and corporate networks in an attempt to disrupt them or bring them down completely, and the malicious network traffic is becoming more difficult to filter out, according to a new report.

Cloud hosting provider Akamai said customers reported 318 DDoS attacks in the second quarter of 2013, a 54 percent increase over the 208 reported attacks in the first quarter. In its Second Quarter State of the Internet Report, Akamai said tracking DDoS traffic has become increasingly difficult, forcing the company to rely on its customers to help it differentiate between legitimate and malicious traffic.

"Adversaries conducting DDoS attacks spend increasing effort to make their attacks look more and more like legitimate 'flash mobs' in an effort to elude automated defenses; this creates an ever-escalating arms race to automate the manual analysis that often goes into assessing whether an event was an attack or legitimate traffic due to an unplanned event," Akamai said in its report.


High-profile attacks against U.S. firms in the past year have increased attention on DDoS mitigation measures. Some companies recently have documented cybercriminals using DDoS as a tool to disrupt security teams when making unauthorized wire transfers. Akamai said the attacks could not be traced back to the Middle Eastern hacktivist group that had claimed credit for the assaults on U.S. banking websites at the end of 2012. Akamai noted that the group's activity has declined.

There were 768 DDoS attacks reported in 2012. Akamai said it received 516 attack reports in the first half of 2013. The U.S. and South America accounted for nearly two-thirds of all attacks, but Akamai said the second quarter brought a significant shift in attacks, from targeting businesses in Europe, the Middle East and Africa to the Asia-Pacific region. Attacks on large businesses increased significantly in the second quarter, driven by a series of attacks on business services customers in the Asia-Pacific region.

Security experts told CRN that newly configured DDoS attack toolkits such as Dirt Jumper are popular and have components to bypass detection systems and filters. High-level attacks that target application and logical layers, such as attacks that repeatedly download large files, often require intervention to mitigate, Akamai said. Attacks that target lower-level network layers are automatically filtered out.

Financial services companies continued to get pummeled by malicious traffic, according to Akamai. Business services firms also took a hit, as did pharmaceutical firms and health-care organizations, Akamai said.

The Cambridge, Mass., company also said that most attack traffic originated from Indonesia, accounting for 38 percent of malicious traffic, followed by China with 33 percent and the U.S. with 6.9 percent. The Asia-Pacific region was responsible for nearly 80 percent of observed attacks, an increase of 68 percent from the first quarter, Akamai said.

Attacks targeting Web clients increased significantly in the second quarter, Akamai said, followed by attacks targeting secure website communications.

PUBLISHED OCT. 16, 2013