One of the more interesting parts of my day job at Akamai Technologies is that I have access to all sorts of security research. An information junkie's fantasy land. One of these items is in the form of the Akamai State of the Internet security report.
What struck me about this research was the sheer increase in volume of distributed denial of service (DDoS) attacks from the last quarter. An increase of 57% was noted from just one year earlier. Nothing to sneeze at. One of the main drivers that helped to raise this number was a 241% increase in the number of attacks that leveraged SSDP floods.
What, might you ask, is SSDP? This stands for Simple Service Discovery Protocol. It is a service that attackers can use to reflect traffic against a target in a DDoS attack. Because the reflected replies are larger than the requests that trigger them, attackers can amplify their attack, directing far more traffic at the target than the attacking nodes alone could generate. SSDP is commonly found in devices using Universal Plug and Play (UPnP). The largest attack that was witnessed in this instance was one that reached 106 Gbps of malicious traffic.
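As an added illustration (not code from the report or from Akamai), the following Python flags the reflection pattern described above in netflow-style records: SSDP replies from UDP port 1900 arriving at a host and port that never sent an M-SEARCH. The record layout, thresholds and sample values are constructed for the example.

```python
SSDP_PORT = 1900

# Constructed sample flow records (not from the report), netflow-like:
# (direction, src_ip, src_port, dst_ip, dst_port, bytes, payload_start)
SAMPLE_FLOWS = [
    ("out", "203.0.113.10", 40000, "239.255.255.250", SSDP_PORT, 90, "M-SEARCH * HTTP/1.1"),
    ("in", "192.0.2.5", SSDP_PORT, "203.0.113.10", 40000, 320, "HTTP/1.1 200 OK"),  # we asked
    ("in", "198.51.100.7", SSDP_PORT, "203.0.113.10", 80, 340, "HTTP/1.1 200 OK"),  # we did not
    ("in", "198.51.100.8", SSDP_PORT, "203.0.113.10", 80, 330, "HTTP/1.1 200 OK"),
    ("in", "198.51.100.9", SSDP_PORT, "203.0.113.10", 80, 335, "HTTP/1.1 200 OK"),
]

def _searches(flows):
    """Local (ip, port) pairs that sent an M-SEARCH, i.e. may legitimately expect replies."""
    return {(s, sp) for d, s, sp, _, dp, _, p in flows
            if d == "out" and dp == SSDP_PORT and p.startswith("M-SEARCH")}

def analyze_ssdp(flows, min_reflectors=3):
    """Split inbound SSDP replies into solicited and unsolicited; many
    unsolicited replies from distinct sources mark a reflection flood."""
    searched = _searches(flows)
    result = {"solicited": 0, "unsolicited": 0, "unsolicited_bytes": 0,
              "reflectors": set()}
    for d, sip, sport, dip, dport, nbytes, payload in flows:
        if d != "in" or sport != SSDP_PORT or not payload.startswith("HTTP/1.1 200"):
            continue
        if (dip, dport) in searched:
            result["solicited"] += 1
        else:  # nobody here asked: the reply was triggered by a spoofed request
            result["unsolicited"] += 1
            result["unsolicited_bytes"] += nbytes
            result["reflectors"].add(sip)
    result["reflection_suspected"] = len(result["reflectors"]) >= min_reflectors
    return result

def amplification_factor(flows):
    """Reply bytes per M-SEARCH byte in solicited exchanges: the ratio that
    makes SSDP attractive as a reflector. Returns 0.0 when no exchange is seen."""
    searched = _searches(flows)
    sent = sum(b for d, _, _, _, dp, b, p in flows
               if d == "out" and dp == SSDP_PORT and p.startswith("M-SEARCH"))
    got = sum(b for d, _, sp, dip, dp, b, _ in flows
              if d == "in" and sp == SSDP_PORT and (dip, dp) in searched)
    return round(got / sent, 2) if sent else 0.0
```

Dropping inbound UDP traffic with source port 1900 at the network edge, and keeping UPnP off WAN-facing interfaces, removes both the victim's exposure and a device's usefulness as a reflector.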
This is an example of what can happen with poorly configured devices, or worse, devices with no security controls at all, that are rolled out as a component of the Internet of Things (IoT). As the Internet of Things continues to grow we will see more opportunities for attackers to leverage devices to increase the size and scope of their botnets. Security needs to be baked into IoT devices from the initial design phase.
Groups such as the Lizard Squad have reportedly used home routers which were susceptible to compromise as enlisted troops in their botnet. Here again we see an example of force over finesse. They're attempting to make money by selling access to these devices with their Lizardstresser service. This service was built on code copied from another service called Titaniumstresser and at the time it was rolled out was poorly implemented. I was able to enumerate usernames and others were able to see the contents of their misconfigured .htaccess file which is supposed to control directory level access. You could even see in the code they had not bothered to remove references to Titaniumstresser.
In the State of the Internet security report there was a demonstrated 90% increase in attacks in Q4 over those recorded in the third quarter of 2014. The attacks continue. I did notice a change in the landscape which, to be fair, I'm surprised has not happened before now. When the Malaysian Airlines website was compromised on Monday, January 26th through a DNS hijack the attackers took the time to set up a DNS record to capture email from the beleaguered airline. Be sure to lock your registrar records to avoid this sort of issue.
All in all it was an interesting fourth quarter of 2014. I'm sure that 2015 will offer up a new range of interesting attacks. Or, we might get lucky and have a nice quiet year.