Battle of the botnets: My zombie horde's bigger than yours

DDoSing over 100Gbps up 140%. Mirai worst but Spike peaks at 517Gbps


DDoS attacks more than doubled in the last quarter of 2016 compared to the same period the year before.

Although the infamous Mirai IoT botnets accounted for many of the most severe attacks, the biggest single assault came from a different zombie network, according to a new study by Akamai out Tuesday.

Attacks greater than 100Gbps increased 140 per cent in Q4 2016 compared to Q4 2015. The largest DDoS attack in Q4 2016, which peaked at 517Gbps, came from Spike, a non-IoT botnet that has been around for more than two years. Seven of the 12 100Gbps-plus attacks from the end of last year can be directly attributed to Mirai.

Martin McKeay, senior security advocate and senior editor at Akamai, commented: "Perhaps the attackers in control of Spike felt challenged by Mirai and wanted to be more competitive. If that's the case, the industry should be prepared to see other botnet operators testing the limits of their attack engines, generating ever larger attacks."

Akamai tracked 25 DDoS attack vectors in Q4 2016; the top three were UDP fragment (27 per cent), DNS (21 per cent), and NTP (15 per cent). The number of DDoS attacks decreased by 16 per cent even as the volume and severity of the most potent attacks increased.

The number of web application attacks in Q4 2016 was down 19 per cent on Q4 2015.

Akamai's State of the Internet/Security Report uses data gathered from the Akamai Intelligent Platform to provide analysis of the current cloud security and threat landscape, as well as insight into seasonal trends. The report can be downloaded here. ®

