Security Market Segment LS
Sunday, 01 July 2018 22:39

Akamai's 'Summer 2018' State of the Internet report shows the rot of bots and relentless attacks


Cyber security defenders face "increasing threats from organisations in the form of bot-based credential abuse targeting the hospitality industry and advanced distributed denial of service attacks".

According to Akamai, and its latest Summer 2018 SOTI (State of the Internet) report, which is of course the winter time-frame for us here in the Southern Hemisphere, "analysis of current cyber attack trends for the six month period from November 2017 through April 2018 reveals the importance of maintaining agility not only by security teams, but also by developers, network operators and service providers in order to mitigate new threats".

Hospitality industry vs bots: analysis of fraud attempts

Akamai's report shows the use of bots to abuse stolen credentials "continues to be a major risk for Internet-driven businesses, but data from this report reveals that the hospitality industry experiences many more credential abuse attacks than other sectors".

"Akamai researchers analysed nearly 112 billion bot requests and 3.9 billion malicious login attempts that targeted sites in this industry including airlines, cruise lines and hotels among others.

"Nearly 40% of the traffic seen across hotel and travel sites is classified as 'impersonators of known browsers', which is a known vector for fraud.

"Geographical analysis of attack traffic origination reveals that Russia, China and Indonesia were major sources of credential abuse for the travel industry during the period covered by the report, directing about half of their credential abuse activity at hotels, cruise lines, airlines, and travel sites.

"Attack traffic origination against the hospitality and travel industry from China and Russia combined was three times the amount of attacks originating in the US."

Martin McKeay, senior security advocate, Akamai, and senior editor of the State of the Internet / Security report, said: "These countries have historically been large centres for cyber attacks, but the attractiveness of the hospitality industry appears to have made it a significant target for hackers to carry out bot-driven fraud.".

The rise of advanced DDoS attacks highlights need for security adaptability

The report continues, noting that "while simple volumetric DDoS attacks continued to be the most common method used to attack organisations globally, other techniques have continued to appear".

"For this edition of the report, Akamai researchers identified and tracked advanced techniques that show the influence of intelligent, adaptive enemies who change tactics to overcome the defences in their way.

"One of the attacks in the report came from a group that co-ordinated their attacks over group chats on STEAM and IRC.

"Rather than using a botnet of devices infected with malware to follow hacker commands, these attacks were carried out by a group of human volunteers. Another notable attack overwhelmed the target’s DNS server with bursts lasting several minutes instead of using a sustained attack against the target directly.

"This added to the difficulty of mitigating the attack due to the sensitivity of DNS servers, which allows outside computers to find them on the Internet. The burst system also increased difficulty by fatiguing the defenders over a long period of time."

McKeay added: "Both of these attack types illustrate how attackers are always adapting to new defences to carry out their nefarious activities.

"These attacks, coupled with the record-breaking 1.35 Tbps memcached attacks from earlier this year, should serve as a not-so-gentle reminder that the security community can never grow complacent."

Other highlights from Akamai’s Summer 2018 State of the Internet / Security: Web Attack report include:

DDoS attacks:

  • Once attacked, it is extremely likely an organisation will be attacked again – companies that were attacked were targeted 41 times on average, with one organisation suffering from 884 DDoS attacks in that timeframe.
  • The biggest DDoS Akamai has seen to date – Akamai saw 7822 DDoS attacks during this time period (a 16% increase in total DDoS attacks). This 1.35 Tbps attack against a software development company made use of memcached servers as reflectors. To put this in perspective, the TAT-14 cable, one of many between the US and Europe, is capable of carrying 3.2 Tbps of traffic. This attack was, arguably, the largest seen on the Internet to date.
  • The gaming industry has continued to be the single largest target of DDoS attacks that Akamai defends against. The majority of these attacks appear to stem from the people using systems affected by the attacks. In other words, it’s mainly gamers attacking the sites out of frustration or hoping to gain an edge on their competitors.
  • So where are all these attacks coming from? The answer is complicated. Reflection attacks, botnets, and the ease of spoofing with UDP mean that determining the location of the attacker is difficult based simply on the traffic the defender sees. Tracing the DDoS traffic back to the attacker is difficult, expensive, and time consuming, not to mention unprofitable.

Web application attacks:

  • Over this six-month period, Akamai tracked 400,000,000 Web application attacks from around the globe.
  • The most common Web application attacks continues to be SQL injection, which accounted for 51% of the attacks seen by Akamai’s Kona Web Application Firewall in the period.
  • Local File Inclusion and cross-site scripting made up the majority of the remainder of attacks, responsible for 34% and 8% of all attacks, respectively.

You can download the report in full here


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.



Recent Comments