The Akamai Q4 2017 security report from its SIRT (Security Intelligence Response Team) is the latest in its in-depth security reports quarterly on The State of the Internet. Their report on Q4 2017 highlights various continued threats and identifies several new ones. It also looks at the trends across 2017 in the online threat landscape and asks what they might presage for 2018.
Akamai gathers information from its globally distributed Akamai Intelligent Platform, which processes trillions of Internet transactions daily. Huge amounts of data on broadband connectivity, cloud security and media delivery are collected and analyzed to share with businesses and governments “to make better strategic decisions by leveraging this data and the insights it offers”.
Key takeaways from the report include:
- Mirai and its variants continue to exploit vulnerabilities in IoT devices and routers. There was a spike of almost 1 million unique IP addresses from the botnet scanning the Internet at the end of November 2017, showing the botnet still has the potential of “explosive growth” and “wreaking severe havoc”.
- DDoS attacks saw an increase of 14% year-on-year from 2016 with criminals continuing to make use of long-standing attack vectors. Akamai stresses that basic security best practices need to continue to be followed, including following secure coding guidelines and properly configuring and patching connected devices. The gaming industry was the most targeted sector, experiencing 79% of all DDoS attacks in Q4, followed by the financial services sector, which saw a significant growth in Q4.
- 43% of overall website login attempts were deemed malicious, showing that botnet traffic and credential abuse continue to be a problem.
- The largest source of bot traffic came from spidering activity by search engines with almost 40 billion requests just in November; the next largest source of bot traffic derived from site monitoring applications, which saw 9.3 billion requests.
- There was a 14% spike in infrastructure layer (layers 3 & 4) attacks.
- Reflection-based attacks grew by 4%.
- Web application attacks grew by 10% overall; within that there was a 10% growth in SQLi attacks and a 31% growth in attacks that sourced from within the U.S. Web application threats continue to particularly affect industries with high-value data with the retail sector seeing the highest number of attacks at 38%, and media and entertainment coming in second at 18%.
- Crypto mining attacks are on the rise as “the most direct avenue to monetize efforts by putting money immediately into their cryptowallets”. Ransomware attacks continue with the same goal of financial profit.
Looking ahead to 2018, Akamai predicts that criminals will continue to target mobile devices, IoTs and APIs. The firm is seeing a “new trend of enterprise systems being targeted, not only to steal their data, but to steal their computing resources”, driven in part by the growth in value of cryptocurrencies.
The full Akamai Q4 2017 report can be downloaded here.