DDoS attacks down in first quarter of 2017: Akamai

Distributed denial of service attacks have decreased during the first quarter of 2017, the content delivery network Akamai says in its quarterly State of the Internet report.

But this does not mean that the risks faced by businesses have gone down, since many now have uplinks between 1 Gbps and 10 Gbps and any attack bigger than 10 Gbps will take the business offline, Akamai said in the report.

Martin McKeay, senior security advocate and senior editor of the report, said: “If our analysis of Q1 tells us anything, it’s that risks to the Internet and to targeted industry sectors remain and continue to evolve.

“Use cases for botnets like Mirai have continued to advance and change, with attackers increasingly integrating Internet of Things vulnerabilities into the fabric of DDoS botnets and malware.

“It’s short-sighted to think of Mirai as the only threat, though. With the release of the source code, any aspect of Mirai could be incorporated into other botnets. Even without adding Mirai’s capabilities, there is evidence that botnet families like BillGates, elknot, and XOR have been mutating to take advantage of the changing landscape.”

Highlights of the report include:

DDoS Attacks

Mirai DNS Water Torture attacks, a DNS query flood included in the Mirai malware, targeted Akamai customers in the financial services industry. Most of the impacted DNS servers received queries at an even rate during the attacks, except for an attack on 15 January when one of three DNS servers received 14 Mbps of attack traffic. The attacks can create denial of service outages by consuming the target domain’s resources with lookups for great numbers of randomly generated domain names.

Reflection attacks continued to comprise the largest number of DDoS attack vectors and accounted for 57% of all mitigated attacks in Q1 2017, with Simple Service Discovery Protocol (SSDP) reflectors as the biggest source of attacks.
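
The random-name query flood described above under DDoS Attacks can be spotted in resolver or authoritative-server logs, because almost every query for the targeted zone is a name seen only once. The following is an added example, not code from Akamai's report or from this article; the log format, the thresholds, the two-label zone rule, the use of NXDOMAIN responses as a second signal, and all names and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample log entries: (client_ip, qname, rcode).
# All names and addresses are made up for this example.
_LABELS = ["k3v9xq2m", "zp07hgta", "q8wme4rb", "t1ycu6ns", "b5dxo9lf",
           "h2jra7ke", "n6piv3zc", "w4gsl8ud", "e9fbt1qy", "m7ock5xh"]
SAMPLE_LOG = (
    [(f"192.0.2.{i + 1}", f"{lab}.bank.example.", "NXDOMAIN")
     for i, lab in enumerate(_LABELS)]
    + [("198.51.100.7", "www.shop.example.", "NOERROR")] * 9
    + [("198.51.100.7", "wwww.shop.example.", "NXDOMAIN")]
)


def zone_of(qname, labels=2):
    """Assumption: the zone is the last `labels` labels (no public-suffix list)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def water_torture_suspects(records, min_queries=8,
                           min_unique_ratio=0.9, min_nx_ratio=0.9):
    """Return {zone: (queries, unique_ratio, nx_ratio)} for zones whose
    traffic is almost entirely one-off names that do not exist."""
    stats = defaultdict(lambda: {"total": 0, "nx": 0, "names": set()})
    for _client, qname, rcode in records:
        s = stats[zone_of(qname)]
        s["total"] += 1
        s["nx"] += int(rcode == "NXDOMAIN")
        s["names"].add(qname.rstrip(".").lower())

    suspects = {}
    for zone, s in stats.items():
        if s["total"] < min_queries:
            continue  # too few queries to judge this zone
        unique_ratio = len(s["names"]) / s["total"]
        nx_ratio = s["nx"] / s["total"]
        if unique_ratio >= min_unique_ratio and nx_ratio >= min_nx_ratio:
            suspects[zone] = (s["total"], round(unique_ratio, 2), round(nx_ratio, 2))
    return suspects


if __name__ == "__main__":
    for zone, (n, uniq, nx) in water_torture_suspects(SAMPLE_LOG).items():
        print(f"{zone}: {n} queries, {uniq:.0%} unique names, {nx:.0%} NXDOMAIN")
```

In production the counters would be kept per time window, and the thresholds tuned against the zone's normal ratio of unique and non-existent names.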

Web application attacks

The US remained the top source country for Web application attacks, showing another significant year-over-year increase — up 57% from Q1 2016.

The top three attack vectors used against Web applications in Q1 of 2017 were SQLi, LFI and XSS.

The Netherlands, in second place for the top source of Web application attacks of Q1 2017, dropped to 13% from 17% in the previous quarter, remaining a consistent source of attack traffic from a country of only 17 million.

Top attack vectors

UDP fragment, DNS and NTP maintained their positions as the top three DDoS attack vectors, while reserved protocol floods and connection floods were also on the Q1 2017 attack vectors list.

The Q1 2017 top three most frequent attack vectors per week were ACK, CHARGEN, and DNS.

A new reflection attack vector, Connectionless Lightweight Directory Access Protocol (CLDAP), was discovered and was observed producing DDoS attacks comparable to DNS reflection, with most attacks exceeding 1 Gbps.



Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.
