Two record-setting distributed denial of service, or DDoS, attacks contributed to a 71% increase in such incidents targeting e-commerce and other companies in the third quarter. A particularly potent botnet, dubbed Mirai, was behind the two largest attacks, says a recent report from Akamai Technologies Inc., a content delivery network and web security services vendor.

A DDoS attack occurs when criminals try to knock a site offline by inundating it with an overwhelming volume of traffic. It’s distributed because the attack traffic comes from many computers, often thousands, which the bad actors control through software they secretly load onto business or consumer computers—or increasingly web-connected devices that aren’t computers, such as home Wi-Fi routers and web-connected TVs.

A DDoS can be achieved in a number of ways, but commonly involves a network of so-called “zombie” machines, referred to as botnets. A botnet is formed of personal computers in offices or homes and other internet-linked devices infected with malicious code which, upon the request of a hacker, can flood a web server with requests, such as to view the site. One or two machines wouldn’t be an issue, but tens or hundreds of thousands firing such requests simultaneously can be enough to cripple even the most sophisticated of web servers.

The study, titled Third Quarter, 2016 State of the Internet / Security Report, is part of a series using data gathered from a survey of Akamai’s B2B and retailer clients. It provides analysis of the current cloud security and threat landscape, including insight into the two massive DDoS attacks caused by the Mirai botnet.

“Every couple of years the industry faces what could be considered ‘harbinger attacks,’ where the size and scope of a security event are radically different than what has come before. I believe the industry faced its latest harbinger with the Mirai botnet,” says Martin McKeay, senior security analyst and senior editor of the Akamai report. “The Mirai botnet also made concrete the industry’s fear that Internet of Things and other internet-connected devices could be used for both web application and DDoS attacks, illustrating the need for device manufacturers to place a greater emphasis on security.”

The two largest DDoS attacks this quarter, both using the Mirai botnet, were the biggest observed by Akamai to date at 623 Gbps and 555 Gbps. Gbps, or gigabits per second, is a measure of network transmission speed. One gigabit is equal to 1 billion bits of data. Large DDoS attacks seek to overload network capacity and Akamai typically uses 100 Gbps as a high-water mark for attack volume. Total Q3 2016 DDoS attacks greater than 100 Gbps increased 138% since Q3 2015, the report notes.

Mirai has its roots in malware Akamai calls Kaiten, which targets home routers and internet of things devices, the report says. “The malware has now been released to the world at large, under the name Mirai, and targets more than 60 default username and password combinations. Mirai uses compromised IoT systems and generates traffic directly from those nodes.”

Total DDoS attacks increased 71% in Q3 2016, compared with Q3 2015, Akamai says.

Following are the 10 source countries that accounted for the most DDoS attacks in the third quarter of 2016, with the percentage of attacks each accounted for among the top 10, and the comparable percentage for the same period in 2015 and 2014:

  • China, 29.56%, 21%, 20.01%.
  • United States, 21.59%, 17%, 23.95%.
  • United Kingdom, 16.17%, 26%, 2.42%.
  • France, 8.72% (no data for 2015 and 2014).
  • Brazil, 4.91% (no data for 2015 and 2014).
  • South Korea, 4.06%, 5%, 6.13%.
  • Singapore, 3.93% (no data for 2015 and 2014).
  • Japan, 3.81% (no data for 2015 and 2014).
  • Vietnam, 3.76% (no data for 2015 and 2014).
  • Germany, 3.49% (no data for 2015 and 2014).

China has been the top source country for DDoS attacks since the fourth quarter of 2015, Akamai notes.

The report says that IoT device manufacturers are looking to connect an increasing array of devices to the web. That can be convenient for businesses and consumers but not so good for internet security and access. “Problems arise from the fact that those same manufacturers aren’t taking security to heart. Connecting a device to the internet to stream data is relatively easy,” Akamai says. “Building software that can be updated, an infrastructure that supports the update and keeping ahead of the vulnerabilities of consumer-grade electronics isn’t easy—or cheap. As a result, we see IoT devices sold without the capability to be patched or managed, a fundamental vulnerability that attackers have identified and seized upon.”

DDoS incidents aren’t going away. A pair of DDoS attacks on Oct. 21 targeted Dyn Inc., a significant Domain Name Server that facilitates the loading of web pages, and prevented online access to Twitter Inc., Spotify, Reddit and The New York Times, among other sites. That outage mostly affected the East Coast. Dyn brought the initial attack under control, and then had to deal with a second attack around noon Eastern time that day.

Many sites, including Amazon.com Inc. and eBay Inc., experienced a spike in outages midday on Oct. 21, according to DownDetector.com, a site based in the Netherlands that collects status reports and disruptions on websites. Amazon Business is No. 104 in the B2B E-Commerce 300.

Sign up for a free subscription to B2BecNews, a twice-weekly newsletter that covers technology and business trends in the growing B2B e-commerce industry. B2BecNews is published by Vertical Web Media LLC, which also publishes the monthly business magazine Internet Retailer. Follow Bill Briggs on Twitter @BBriggsB2B.


Bloomberg News contributed to this report.
