India is one of the top target countries for DDoS attacks. With 11.1 million attacks, India ranked 4th, while the US topped the list with 242 million attacks. Akamai Technologies claims that there was a 27% rise in total web application attacks in Q4. Those were the Q4 figures; the good news is that we ranked 8th in the Q1 report from the same intelligence source.
In the report released Q1-2017, however, India has seen a low number of attacks, making it the 8th most attacked country. Year-on-year, there has been a 35% rise from Q1-2016. The Akamai Technologies report says: “Use cases for botnets like Mirai have continued to advance and change, with attackers increasingly integrating Internet of Things vulnerabilities into the fabric of DDoS botnets and malware. It’s short sighted to think of Mirai as the only threat, though. With the release of the source code, any aspect of Mirai could be incorporated into other botnets. Even without adding Mirai’s capabilities, there is evidence that botnet families like BillGates, elknot, and XOR have been mutating to take advantage of the changing landscape.”
The US is still the top country by number of web application attacks, with a 57% y-o-y rise from Q1-2016. The top three attack vectors used against web applications in Q1-2017 were SQLi, XSS and LFI. The Netherlands, for a small country of 17 million citizens, remained a consistent source of attacks. UDP fragment, DNS and NTP maintained their positions as the top three DDoS attack vectors, while reserved protocol floods and connection floods were also on the Q1 2017 attack vectors list. The Q1 2017 top three most frequent attack vectors per week were ACK, CHARGEN, and DNS.
Also, a new reflection attack vector, Connectionless Lightweight Directory Access Protocol (CLDAP), was discovered and has been observed producing DDoS attacks comparable to DNS reflection, with most attacks exceeding 1 Gbps. The largest DDoS attack in Q4-2016, which peaked at 517 Gbps, came from Spike, a non-IoT botnet that has been around for more than two years. Seven of the 12 Q4-2016 mega attacks, those with traffic greater than 100 Gbps, can be directly attributed to Mirai, malware that turns computers running Linux into remotely controlled bots. The number of IP addresses involved in DDoS attacks grew significantly this quarter, despite DDoS attack totals dropping overall. The United States sourced the most IP addresses participating in DDoS attacks: more than 180,000.
Expecting the unexpected should keep IT managers on their toes in the coming quarters. Gartner estimates that by 2020, 80% of new deals for cloud-based CASB will be packaged with network firewall, secure web gateway (SWG) and web application firewall (WAF) platforms, making web applications the most vulnerable part of your network.
This leads us to a greater risk and calls for better security measures to be in place. Information can help companies better understand and make security decisions for safekeeping.
At Logix Infosecurity, our mission is to help companies stay protected and safe. We want every organization to take preventive action before it becomes a victim of phishing, spamming, spoofing or ransomware.