DDoS attacks grow more popular, targeted

A new State of the Internet/Security: Web Attack report finds the number of distributed denial of service attacks to be growing, already up 16 percent over all of last year. The report also found that Russia and China are initiating the most credential-based attacks against the hospitality industry.

The report proved records are made to be broken. Last year, attackers showed their craftiness as they conscripted tens of thousands of IoT and mobile devices into enormous botnets that levied record-breaking distributed denial-of-service (DDoS) attacks. According to Akamai, those records were smashed within the first eight weeks of 2018 as attackers exploited Memcached, a free open source distributed memory object caching system designed to ease database load and to speed dynamic web applications. Those attacks gave rise to traffic exceeding a blistering 1 Tbps.

While standard volumetric DDoS attacks are still the most common, Akamai says new DDoS attack tactics are emerging. For instance, Akamai researchers identified one advanced attack coordinated using human partners and group chats over STEAM and IRC, instead of the typical command and control tools used in a botnet of hijacked devices. Another attack swamped a targeted DNS server with attack bursts that only lasted for several minutes, rather than sustained levels of attack traffic. This increased the challenges associated with mitigating attacks. The burst attacks also made the defenders weary over time as the attacks rhythmically hit and subsided.

Some other notable findings include:

• The largest DDoS attack this year broke records at 1.35 Tbps.
• Researchers identified a 4 percent increase in reflection-based DDoS attacks since last year.
• There was a 38 percent increase in application-layer attacks such as SQL injection or cross-site scripting.
• In April, the Dutch National High Tech Crime Unit took down a malicious DDoS-for-hire website with 136,000 users.

Another interesting finding in the report is that the hospitality industry experiences a higher percentage of bot-driven attacks based on credential abuse.

Akamai analyzed about 112 billion bot requests and 3.9 billion malicious login attempts that targeted sites in the hospitality industry, including airlines, cruise lines, hotels, and others. The company found that about 40 percent of the traffic witnessed across hotel and travel sites was classified as “impersonators of known browsers” — a known fraud vector.

Further, according to Akamai, a geographic analysis of attack traffic origination found that Russia, China and Indonesia were major sources of credential abuse for the travel industry. These nations directed about half of their credential abuse activity at hotels, cruise lines, airlines, and travel sites.

For years now, the hospitality industry has been highly-targeted by black hats. Perhaps it’s because the hospitality industry has been lax when it comes to information security. Maybe it’s because guests are less suspecting than usual? Or it could be a little of both, but the hospitality industry has been a magnet for hackers and targeted malware for some time.