webAI and MacStadium(link is external) announced a strategic partnership that will revolutionize the deployment of large-scale artificial intelligence models using Apple's cutting-edge silicon technology.
DDoS and Web Application Attacks on the Rise
August 29, 2017
Newly released data shows that distributed denial of service (DDoS) and web application attacks are on the rise once again, according to the Second Quarter, 2017 State of the Internet / Security Report released by Akamai Technologies. Contributing to this rise was the PBot DDoS malware which re-emerged as the foundation for the strongest DDoS attacks seen by Akamai this quarter.
In the case of PBot, malicious actors used decades-old PHP code to generate the largest DDoS attack observed by Akamai in the second quarter. Attackers were able to create a mini-DDoS botnet capable of launching a 75 gigabits per second (Gbps) DDoS attack. Interestingly, the Pbot botnet was comprised of a relatively small 400 nodes, yet still able to generate a significant level of attack traffic.
Another entry on the “everything old is new again” list is represented by the Akamai Enterprise Threat Research Team’s analysis of the use of Domain Generation Algorithms (DGA) in malware Command and Control (C2) infrastructure. Although first introduced with the Conficker worm in 2008, DGA has remained a frequently used communication technique for today's malware. The team found that infected networks generated approximately 15 times the DNS lookup rate of a clean network. This can be explained as the outcome of access to randomly generated domains by the malware on the infected networks. Since most of the generated domains were not registered, trying to access all of them created a lot of noise. Analyzing the difference between behavioral characteristics of infected versus clean networks is one important way of identifying malware activity.
When the Mirai botnet was discovered last September, Akamai was one of its first targets. The company’s platform continued to receive and successfully defended against attacks from the Mirai botnet thereafter. Akamai researchers have used the company’s unique visibility into Mirai to study different aspects of the botnet, most specifically in the second quarter, its C2 infrastructure. Akamai research offers a strong indication that Mirai, like many other botnets, is now contributing to the commoditization of DDoS. While many of the botnet’s C2 nodes were observed conducting “dedicated attacks” against select IPs, even more were noted as participating in what would be considered “pay-for-play” attacks. In these situations, Mirai C2 nodes were observed attacking IPs for a short duration, going inactive and then re-emerging to attack different targets.
“Attackers are constantly probing for weaknesses in the defenses of enterprises, and the more common, the more effective a vulnerability is, the more energy and resources hackers will devote to it,” said Martin McKeay, Akamai Senior Security Advocate. “Events like the Mirai botnet, the exploitation used by WannaCry and Petya, the continued rise of SQLi attacks and the re-emergence of PBot all illustrate how attackers will not only migrate to new tools but also return to old tools that have previously proven highly effective.”
Other key findings from the report include:
■ The number of DDoS attacks in Q2 increased by 28 percent quarter over quarter following three quarters of decline.
■ DDoS attackers are more persistent than ever, attacking targets an average of 32 times over the quarter. One gaming company was attacked 558 times or approximately six times a day on average.
■ Egypt was the origin of the greatest number of unique IP addresses used in frequent DDoS attacks with 32 percent of the global total. Last quarter, the United States held that spot and Egypt was not among the top five.
■ Fewer devices were used to launch DDoS attacks this quarter. The number of IP addresses involved in volumetric DDoS attacks dropped 98 percent from 595,000 to 11,000.
■ The incidence of Web application attacks increased five percent quarter-over-quarter and 28 percent year-over-year.
■ SQLi attacks were used in more than half (51 percent) of web application attacks this quarter — up from 44 percent last quarter — generating nearly 185 million alerts in the second quarter alone.
Methodology: The Akamai Second Quarter, 2017 State of the Internet / Security Report combines attack data from across Akamai’s global infrastructure and represents the research of a diverse set of teams throughout the company. The report provides analysis of the current cloud security and threat landscape, as well as insight into attack trends using data gathered from the Akamai Intelligent Platform. The contributors to the State of the Internet / Security Report include security professionals from across Akamai, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.
Industry News
March 27, 2025
March 27, 2025
Development work on the Linux kernel — the core software that underpins the open source Linux operating system — has a new infrastructure partner in Akamai. The company's cloud computing service and content delivery network (CDN) will support kernel.org, the main distribution system for Linux kernel source code and the primary coordination vehicle for its global developer network.
March 27, 2025
Komodor announced a new approach to full-cycle drift management for Kubernetes, with new capabilities to automate the detection, investigation, and remediation of configuration drift—the gradual divergence of Kubernetes clusters from their intended state—helping organizations enforce consistency across large-scale, multi-cluster environments.
March 26, 2025
Red Hat announced the latest updates to Red Hat AI, its portfolio of products and services designed to help accelerate the development and deployment of AI solutions across the hybrid cloud.
March 26, 2025
CloudCasa by Catalogic announced the availability of the latest version of its CloudCasa software.
March 26, 2025
BrowserStack announced the launch of Private Devices, expanding its enterprise portfolio to address the specialized testing needs of organizations with stringent security requirements.
March 25, 2025
Chainguard announced Chainguard Libraries, a catalog of guarded language libraries for Java built securely from source on SLSA L2 infrastructure.
March 25, 2025
Cloudelligent attained Amazon Web Services (AWS) DevOps Competency status.
March 25, 2025
Platform9 formally launched the Platform9 Partner Program.
March 24, 2025
Cosmonic announced the launch of Cosmonic Control, a control plane for managing distributed applications across any cloud, any Kubernetes, any edge, or on premise and self-hosted deployment.
March 20, 2025
Oracle announced the general availability of Oracle Exadata Database Service on Exascale Infrastructure on Oracle Database@Azure(link sends e-mail).
March 20, 2025
Perforce Software announced its acquisition of Snowtrack.
March 19, 2025
Mirantis and Gcore announced an agreement to facilitate the deployment of artificial intelligence (AI) workloads.
March 19, 2025
Amplitude announced the rollout of Session Replay Everywhere.
March 18, 2025
Oracle announced the availability of Java 24, the latest version of the programming language and development platform. Java 24 (Oracle JDK 24) delivers thousands of improvements to help developers maximize productivity and drive innovation. In addition, enhancements to the platform's performance, stability, and security help organizations accelerate their business growth ...
