[news release] Neustar, Inc., a global information services and technology company and leader in identity resolution, Wednesday released its latest cyberthreats and trends report which identifies significant shifts in distributed denial-of-service (DDoS) attack patterns in the first half of 2020. Neustar’s Security Operations Center (SOC) saw a 151% increase in the number of DDoS attacks compared to the same period in 2019.Continue reading DDoS Attacks Increase by 151% in First Half of 2020 : Neustar
DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage to brands, according to a report released last week by Neustar, Inc.
The first quarter 2019 Cyber Threats and Trends report highlights new areas of growth in Distributed Denial of Service (DDoS) attacks over the past year. One issue the report highlights is that while volumetric attacks over 50Gbps remain a relatively small segment of the overall threat picture at only 12% of attacks, their frequency has grown enormously when compared to the same period in 2018. The latest attacks morph over the course of the attack using a variety of ports and protocols to locate and exploit vulnerabilities. In Q1, 2019, over 77% of attacks used two or more vectors.
In particular, the trend of targeting subnets and classless inter-domain routing (CIDR) blocks to slow or stop network traffic across the internet is a disruptive DDoS threat, identified in the report. By using DDoS methods aimed completely at subnets, rather than specific IP addresses, an attack is often more difficult to detect and mitigate. These attacks often feature multiple vectors, and will switch between them as they migrate from subnet to subnet.
Neustar handled a mitigation for just such an attack in an around-the-clock collaboration between SOC engineers and a new customer who was quickly onboarded by Neustar after being dropped [during the attack] by their Tier 1 Internet Service Provider (ISP).
âTodayâs artificial intelligence and machine learning technologies enable us to identify anomalous traffic and patterns, correlate data across systems, and perform behavioral analytics on users and entities,” said Rodney Joffe, Neustar Senior Vice President, Technologist and Fellow. âBut none of these systems function without professionals who know how to deploy them, interpret their data, identify the existence and location of problems, and mitigate them.â
Such immediate personal involvement with expert engineers is a significant benefit in working with an estab-lished firm such as Neustar, particularly when under attack. âNeustarâs 10+Tbps of scrubbing capacity and variety of offerings are world class, and we have more power than ever to defend against the range of DDoS attacks,â said Michael Kaczmarek, Neustar Vice President of Security Products. âBut itâs important to remember our most powerful defense: people.â
Neustar provides its customers with the resources and assurance that are needed to ensure data and infra-structure is continually protected against any type or size of DDoS attack. Neustarâs DDoS Mitigation Solutions offer the largest dedicated global network with over 10Tbps + of scrubbing capacity in North America, Europe, Asia, South America, Africa, Australia and India.
A free copy of The Neustar Q1â19 Cyber Threats and Trends Report is available here.
Neustar and Verisign have announced that Neustar will be acquiring Verisignâs Security Services customer contracts. The acquisition consists of Distributed Denial of Service (DDoS) Protection, Managed DNS, DNS Firewall and fee-based Recursive DNS services customer contracts.
This acquisition will strategically grow Neustarâs leading Digital Defense and Performance solutions by expanding its enterprise customer footprint in several high-growth industries, such as technology, e-Commerce and financial services. Neustar features one of the industryâs most comprehensive security portfolios comprised of DDoS mitigation, web application firewall (WAF), authoritative and recursive DNS, IP and threat intelligence, and website performance management.
As part of the transaction, Verisign will continue to support the Security Services customers during the transition to Neustar, pursuant to a transition services agreement that is expected to be executed at closing.
âWith this acquisition, Neustar will be able to accelerate its growth in the internet security market, supported by significant investments made to our DDoS and DNS infrastructure, and capacity over the last 12 months,â said Shailesh Shukla, General Manager, Digital Defense and Performance Solutions, Neustar. âWeâre excited to introduce new customers to our broad portfolio of solutions and are dedicated to a seamless transition, working closely with the Verisign team. We are wholeheartedly committed to delivering innovative solutions that reduce the disruptions caused by malicious actors and providing world-class customer support.â
âWeâve grown the Neustar SiteProtect NG solution to be one of the worldâs largest dedicated networks with more than 10 Tbps mitigation capacity and the Neustar NetProtectâ¢ solution directly connects to a vast network of globally distributed data centers. This is a testament to our steadfast commitment to our customers and consumers. Our number one priority will remain providing all of our customers with a secure infrastructure built on a foundation of unmatched stability, resiliency and performance,â said Charles Gottdiener, President and Chief Executive Officer, Neustar.
âVerisign is committed to focusing on its core mission of providing critical internet infrastructure, including Root Zone management, operation of 2 of the 13 global internet root servers, operation of .gov and .edu, and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. For this reason, Verisign is transitioning its Security Services customers to Neustar. Neustar has been focused on providing specialized web security and digital performance solutions for many years. Given this experience, we believe Neustar is well-suited to continue to deliver the innovative solutions and world-class performance to which Verisignâs Security Services customers are accustomed,â said Jim Bidzos, Verisign Founder, Chairman and CEO.
Commenting on the transaction, Jim Bidzos, Executive Chairman, President and Chief Executive Officer at Verisign said: âVerisign is committed to focusing on its core mission of providing critical internet infrastructure, including Root Zone management, operation of 2 of the 13 global internet root servers, operation of .gov and .edu, and authoritative resolution for the .com and .net top-level domains, which support the majority of global e-commerce. For this reason, Verisign is transitioning its Security Services customers to Neustar.â
The administrators of the DDoS marketplace webstresser.org were arrested on 24 April 2018 as a result of Operation Power Off, a complex investigation led by the Dutch Police and the UKâs National Crime Agency with the support of Europol and a dozen law enforcement agencies from around the world. The administrators were located in the United Kingdom, Croatia, Canada and Serbia. Further measures were taken against the top users of this marketplace in the Netherlands, Italy, Spain, Croatia, the United Kingdom, Australia, Canada and Hong Kong. The illegal service was shut down and its infrastructure seized in the Netherlands, the US and Germany.
Webstresser.org was considered the worldâs biggest marketplace to hire Distributed Denial of Service (DDoS) services, with over 136,000 registered users and 4 million attacks measured by April 2018. The orchestrated attacks targeted critical online services offered by banks, government institutions and police forces, as well as victims in the gaming industry.
Devastation for hire
In a DDoS attack enabled by such a service, the attacker remotely controls connected devices to direct a large amount of traffic at a website or an online platform. Whether this traffic eats up the websiteâs bandwidth, overwhelms the server, or consumes other essential resources, the end result of an unmitigated DDoS attack is the same: the victim website is either slowed down past the point of usability, or itâs knocked completely offline, depriving users from essential online services.
It used to be that in order to launch a DDoS attack, one had to be pretty well versed in internet technology. That is no longer the case. With webstresser.org, any registered user could pay a nominal fee using online payment systems or cryptocurrencies to rent out the use of stressers and booters. Fees on offer were as low as EUR 15.00 a month, thus allowing individuals with little to no technical knowledge to launch crippling DDoS attacks.
International law enforcement cyber sweep
International police cooperation was central to the success of this investigation initiated by the Dutch National High Tech Crime Unit and the UK National Crime Agency, as the administrators, users, critical infrastructure and victims were scattered across the world.
Europolâs European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT) supported the investigation from the onset by facilitating the exchange of information between all partners. A command and coordination post was set up at Europolâs headquarters in The Hague on the action day.
“We have a trend where the sophistication of certain professional hackers to provide resources is allowing individuals â and not just experienced ones â to conduct DDoS attacks and other kind of malicious activities online”, said Steven Wilson, Head of Europolâs European Cybercrime Centre (EC3). “Itâs a growing problem, and one we take very seriously. Criminals are very good at collaborating, victimising millions of users in a moment form anywhere in the world. We need to collaborate as good as them with our international partners to turn the table on these criminals and shut down their malicious cyberattacks.”
“Stresser websites make powerful weapons in the hands of cybercriminals” said Jaap van Oss, Dutch Chairman of the Joint Cybercrime Action Taskforce (J-CAT). “International law enforcement will not tolerate these illegal services and will continue to pursue its admins and users. This joint operation is yet another successful example of the ongoing international effort against these destructive cyberattacks.”
DDoS-ing is a crime
DDoS attacks are illegal. Many IT enthusiasts get involved in seemingly low-level fringe cybercrime activities, unaware of the consequences that such crimes carry. The penalties can be severe: if you conduct a DDoS attack, or make, supply or obtain stresser or booter services, you could receive a prison sentence, a fine or both.
The individuals that become involved in cybercrime often have a skill set that could be put to a positive use. Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to anyone with an interest in these areas.
This Europol news release was sourced from:
Neustar recently published research that detailed how Domain Name System Security Extensions (DNSSEC) can be subverted as an amplifier in Distributed-Denial-of-Service (DDoS) attacks.
In the research, âDNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Usâ, Neustar found that on average, DNSSEC reflection can transform an 80-byte query into a 2,313-byte response, an amplification factor of nearly 30 times, which can easily cause a network service outage during a DDoS attack, resulting in lost revenue and data breaches.
âDNSSEC emerged as a tool to combat DNS hijacking, but unfortunately, hackers have realized that the complexity of these signatures makes them ideal for overwhelming networks in a DDoS attack,â said Joe Loveless, Director Product Marketing, Security Services, Neustar. âIf DNSSEC is not properly secured, it can be exploited, weaponized and ultimately used to create massive DDoS attacks.â
DNSSEC was designed to provide integrity and authentication to DNS, which it accomplishes with complex digital signatures and key exchanges. As a result, when a DNS record is transferred to DNSSEC, an extraordinary amount of additional information is created. Additionally, when issuing the DNS command, âANY,â the amplified response from DNSSEC is exponentially larger than a normal DNS reply.
Key findings and recommendations from the research included:
- DNSSEC Vulnerabilities Are Prolific â Neustar examined one industry with 1,349 domains and determined 1,084 of them (80 percent) could be maliciously repurposed as a DDoS attack amplifier (they were signed with DNSSEC and responded to the âANYâ command).
- The Average DNSSEC Amplification Factor is 28.9 â Neustar tested DNSSEC vulnerabilities with an 80-byte query, which returned an average response of 2,313-bytes. The largest amplification response was 17,377-bytes, 217 times greater than the 80-byte query.
- The Anatomy of a DNSSEC Reflection Attack â Neustar illustrates the command and control servers required to run the botnets and scripts that target DNS nameservers to execute DNSSEC amplification attacks.
- Best Practices for Mitigation âFor organizations that rely on DNSSEC, Neustar recommends ensuring that your DNS provider does not respond to âANYâ queries or has a mechanism in place to identify and prevent misuse.
âNeustar is focused on using connected sciences to connect people, places and things, which is why network security is so imperative,â said Loveless. âAs more organizations adopt DNSSEC, it is critically important to understand how to secure it. The time to fix it is now.â
For more information about âDNSSEC: How Savvy DDoS Attackers Are Using Our Defenses Against Usâ see:
DDoS attack activity at a glance
During Q1, Akamai mitigated more than 4,500 DDoS attacks, a 125 percent increase compared with Q1 2015. As in recent quarters, the vast majority of these attacks were based on reflection attacks using stresser/booter-based tools. These tools bounce traffic off servers running vulnerable services such as DNS, CHARGEN, and NTP. In fact, 70 percent of the DDoS attacks in Q1 used the reflection-based DNS, CHARGEN, NTP, or UDP fragment vectors.
More than half of the attacks (55 percent) targeted gaming companies, with another 25 percent targeting the software and technology industry.
Q1 2016 also set a record for the number of DDoS attacks exceeding 100 Gigabits per second (Gbps): 19. The largest of these mega attacks mitigated by Akamai peaked at 289 Gbps. Fourteen attacks relied on DNS reflection methods. Last quarter, there were only five mega attacks; the previous record was 17, set in Q3 2014.
During Q4 2015, repeat DDoS attacks became the norm, with an average of 24 attacks per targeted customer in Q4. The trend continued this quarter; targeted customers were attacked an average of 39 times each. One customer was targeted 283 times â an average of three attacks per day.
Compared with Q1 2015
- 125.36 percent increase in total DDoS attacks
- 142.14 percent increase in infrastructure layer (layers 3 & 4) attacks
- 34.98 percent decrease in the average attack duration: 16.14 vs. 24.82 hours
- 137.5 percent increase in attacks > 100 Gbps: 19 vs. eight
Compared with Q4 2015
- 22.47 percent increase in total DDoS attacks
- 23.17 percent increase in infrastructure layer (layers 3 & 4) attacks
- 7.96 percent increase in the average attack duration: 16.14 vs. 14.95 hours
- 280 percent increase in attacks > 100 Gbps: 19 vs. five
Web application attack activity
Web application attacks increased nearly 26 percent compared with Q4 2015. As in past quarters, the retail sector remained the most popular attack target, targeted in 43 percent of the attacks. But in a shift from last quarter, we saw a two percent decrease in web application attacks over HTTP and a 236 percent increase in web application attacks over HTTPS. There was also an 87 percent increase in SQLi attacks compared with the previous quarter.
As in recent quarters, the US was both the most frequent source of web application attack traffic (43 percent) and the most frequent target (60 percent).
Web application attack metrics
Compared with Q4 2015
- 25.52 percent increase in total web application attacks
- 1.77 percent decrease in web application attacks over HTTP
- 235.99 percent increase in web application attacks over HTTPS
- 87.32 percent increase in SQLi attacks
Bot activity snapshot
For the first time, weâve included an analysis of bot activity in the State of the Internet – Security Report. Looking at bot activity over 24 hours, we tracked and analyzed more than two trillion bot requests. While identified and known, so-called good bots represented 40 percent of the bot traffic, 50 percent of the bots were determined to be malicious and were engaged in scraping campaigns and related activity.
Growth in DDoS reflectors
Using firewall data from the perimeter of the Akamai Intelligent Platform, our analysis showed a 77 percent growth in active Quote of the Day (QOTD) reflectors, a 72 percent increase in NTP reflectors and a 67 percent increase in CHARGEN reflectors compared to Q4 2015. Active SSDP reflectors declined by 46 percent.
Download the report
A complimentary copy of theÂ Q1 2016 State of the Internet – Security ReportÂ is available for download at stateoftheinternet.com/security-report.
As the global leader in Content Delivery Network (CDN) services, Akamai makes the Internet fast, reliable and secure for its customers. The company’s advanced web performance, mobile performance, cloud security and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise and entertainment experiences for any device, anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.
This Akamai news release was sourced from:
[news release] Neustar, Inc., a trusted, neutral provider of real-time information services, today released the findings from its third global DDoS Attacks and Protection Report titled The Threatscape Widens: DDoS Aggression and the Evolution of IoT Risks.
The April 2016 report follows a survey of over 1,000 IT professionals across six continents, and reveals that few organisations globally are being spared DDoS attacks. With the bombardment fairly constant throughout 2015, it is no longer a matter of if or when attacks might happen, but how often and how long the attack will last. Faced with this ongoing onslaught, the report demonstrates that increasingly DDoS-defense savvy organizations are now arming themselves accordingly.
The research results show that although revenue loss caused by a DDoS related outage is usually the main concern, 57% of all breaches involved some sort of theft including intellectual property and customer data as well as financial information. More troubling, following the initial breach, 45% of organizations reported the installation of a virus or malware – a sign that attackers are interested in causing ongoing harm.
The research highlights that although DDoS attack tactics continue to evolve from single large attacks intended to take a website offline to the multi-vector attacks we are seeing today, organizations are fighting back. The good news is 76% of companies are investing more in DDoS protection than in 2014 and 47% of the attacked organizations are participating in security consortiums to share information on threats and counter measures.
Headline findings from the research include:
- 73% (7 in 10) of global brands and organizations were attacked, which should put virtually every organization with a digital presence on notice.
- 82% of organizations experiencing a DDoS attack were then attacked repeatedly, with 45% reporting they were attacked 6 or more times. In EMEA, 47% of organization have been struck more than 5 times.
- More than half (57%) of organizations reported theft after attack, including loss of customer data, finances or intellectual property.
- 50% of organizations would lose at least $100,000 per hour in a peak-time DDoS related outage (33% would lose more than $250,000 per hour), and 42% needed at least three hours to detect that they were under DDoS attack.
- 76% of organizations are investing more than last year in response to the DDoS threat.
- 71% of financial services firms attacked experienced some form of theft and 38% found viruses or malware activation after an attack. With big money, customer trust and regulatory implications on the line, 79% of financial services organizations are investing more this year than last.
âThe findings of our most recent report are clear: attacks are unrelenting around the world but organizations are now recognizing DDoS attacks for what they are – an institutionalized weapon of cyber warfare â and so are protecting themselves,â says Rodney Joffe, Head of IT Security Research at Neustar. âWe present the data from our third DDoS survey as a means to inform the public of the dangers associated with DDoS attacks, and advance a conversation about the importance of multi-layered cybersecurity. This should be a discourse that reaches from security through to marketing, as when a DDoS attack hits, the reverberations are felt like a domino effect throughout all departments.â
Why IoT offers a second chance to improve security
In addition to examining the DDoS trends of 2015, for the first time the survey also asked respondents to consider what the future portends for companies deploying IoT connected devices, providing insight into why security needs to be a central tenet for devices in the future. The survey found that while 63% of companies have IoT devices already deployed only 34% have security measures in place, indicating the IoT is opening up new threat vectors but too few organizations are focused on preventing connected devices from being compromised.
Hank Skorny, Neustar IoT expert, comments on security and IoT: âAlthough IoT is already here, the Internet was never built with security in mind; ease of use and convenience were paramount. By 2017, 81% of organizations will have devices deployed to collect and analyze data so today, we have the opportunity to learn from our mistakes and make security a cornerstone of every IoT device moving forward. From design conception, every IoT device, sensor, and software system needs a multi-tiered security driven approach, including timely patches and updates. Just as important, or perhaps more so, is for security to be an intrinsic part of every network. Every IT professional knows it can take just one successful hack on an IoT device to access and compromise an entire network. As IoT devices continue to become ingrained into our electrical grid, hospitals, assembly lines and other essential areas of life, the stakes are simply too high to leave security to chance.â
The Neustar April 2016 DDoS Attacks and Protection Report: The Threatscape Widens: DDoS Aggression and the Evolution of IoT Risks is based on answers received from over 1,000 directors, managers, CISOs, CSOs, CTOs and other security directors from six continents in the technology (18% of respondents), financial services (16%), retail (12%), and government (8%) sectors and others.
This news release was sourced from:
There is an auction coming up for the .shop and .shopping gTLDs and Domain Incite reports that it is getting âweirdâ.
The report notes that there are three ways the auction could play out, and itâs possible that the winning bidder(s) may not have to pay out anything in the auction.
There is reportedly a growing issue with security and DDOS attacks and IPv6 according to a report in Dark Reading. According to the report âbecause IPv6 occupies such a relatively small space, Internet security implementations that take it into full consideration are also lagging. This leaves a lot of networks vulnerable to distributed denial of service (DDoS) attacks.â
Nordic Domain Days is coming in late November and will be held in Stockholm. Nordic Domain Days will be part of the long-running and very popular Internet Days (Internetdagarna) organised by IIS, the registry for .se and .nu.
There will be a focus on the interaction between registrars and registries. Representatives from more than 10 registries including .se, .no, .fi, .dk, .nu, .de, .nl, .cloud, .global and .one will be present.
Registration costs 1000 SEK (approximately â¬106) plus 250 SEK (VAT) and more information, along with registration, can be found here.
The first L-Root instance in Indonesia has been successfully installed in Jakarta, increasing the Domain Name System’s (DNS) overall fault tolerance and its resilience against certain types of cyber threats, such as Distributed Denial of Service (DDoS) attacks.
The launch of the L-Root server node is a joint operation between ICANN and Pengelola Nama Domain Internet Indonesia (PANDI), Indonesia’s Country Code Top Level Domain Operator of .id, who supplied the equipment necessary for the installation of the new L-Root node.
“We are very pleased to host the L-Root which is the third root server in Indonesia, in addition to the existing I- and F-Root servers. It is important to improve the reliability, speed and resilience of the Internet in our country,” said PANDI Chairman, Andi Budimansyah.
“The successful installation of Indonesia’s first L-Root instance is a historical moment made possible with ICANN‘s collaboration with PANDI, as well as the multi-stakeholder community of Indonesia, including the Indonesian government that has been a close partner of ICANN in the region. This is a testimony of ICANN‘s commitment to Indonesia and we look forward to bringing in more L-Root instances into the country,” said Kuek Yu-Chuang, ICANN Vice President and Managing Director for Asia Pacific.
This cooperation is an effort to enhance the security, stability and resiliency to Indonesian Internet users and reduce the response time experienced when making some DNS queries.
Bambang Heru Tjahjono, Director General of the Indonesia Ministry of Communication and Information Technology (MCIT) said, “The Ministry of Communication & Information Technology highly appreciate any activities related to the ICT programs that improve the reliability of internet and internet governance in Indonesia. One of our main objectives is to strengthen the national DNS. With an L-Root instance in Indonesia, and with closer cooperation with ICANN, Indonesia’s Internet governance is expected to be increasingly well-organized and the security, reliability and integrity of the operation of the Internet in Indonesia will significantly improve.”
There are 13 “root” DNS servers, identified by the letters A through M â the “L” root server operated by ICANN being one. Computers typically communicate with each other using numeric addresses, while humans find it easier to use and remember names (for instance, users typically remember the domain name “ICANN.ORG” more easily than the Internet Protocol address, 2620:0:2d0:200::7). The DNS translates names into addresses and the root servers provide the pointers to the server for top-level domains (the last part of domain names, for example, “ORG” in “ICANN.ORG”).
Spreading this root information out geographically by duplicating the root servers leads to a resilient, dispersed system that reduces the risk of being taken offline by a problem or attack and reduces the time it takes to look up names on the Internet.
For more information about L-root, please visit www.dns.icann.org/.
This ICANN news release was sourced from:
Europe continues to lead in IPV6 adoption with eight of the top ten countries, the latest Akamai State of the Internet report finds while DDoS attacks decrease by 20 percent quarter-over-quarter, but rise 27 percent year-over-year.The report, covering the first quarter of 2014, found more than 795 million unique IPv4 addresses from 240 countries/regions connected to the Akamai Intelligent Platform. This was 1.6 percent more than in the fourth quarter of 2013 and 7.8 percent more than a year prior. Quarterly growth was seen in six of the top 10 countries/regions. Brazil was again a standout with 12 percent and 50 percent of quarterly and yearly growth, respectively.European countries continued to lead in IPv6 adoption, taking eight of the top ten slots. Belgium grew nearly 200 percent quarter-over-quarter, jumping to first place with 14 percent of its traffic over IPv6. The United States and Peru were the only two countries from the Americas within the top 10, while Japan fell out of the top 10, leaving the Asia Pacific region unrepresented within the group.Looking at attack traffic and security, the report found the concentration of attacks decreased significantly as compared to the fourth quarter of 2013, with the top ten countries/regions originating 75 percent of observed attacks, down from 88 percent in the prior quarter.On Distributed Denial of Service (DDoS) attack traffic, the report found most regions of the world saw a decline in reported DDoS attacks during the first quarter of 2014. The Americas continued to account for approximately 49 percent (139) of all attacks, followed by the Asia Pacific region with 31 percent (87) of attacks and Europe, Middle East and Africa (EMEA) receiving the remaining 20 percent (57) of DDoS traffic. The enterprise sector saw a 49 percent quarter-over-quarter reduction in attack traffic, while public sector attack traffic grew by 34 percent, primarily attributable to attacks against government targets within Singapore.The report also covers global mobile connectivity (South Korea was fastest with average download speeds of 14.7 Mbps), 4K readiness (globally, 11 percent of connections were at speeds of 15 Mbps or above, fast enough to stream 4K TV, in the first quarter) and global average connection speeds and global broadband connectivity (global average connection speed climbed 1.8 percent to continue its steady growth over recent quarters, and while global average peak connection speeds dropped 8.6 percent in the first quarter of 2014, year-over-year trends remained positive with a 13 percent increase).For more information, see the Akamai news release below, or follow the link to the Akamai site where there are links to download further information. The news release was sourced from: www.akamai.com/html/about/press/releases/2014/press-062614.html.Akamai Releases First Quarter 2014 ‘State of the Internet’ Report
- Global average connection speeds up 1.8%, while global average peak connection speeds drop 8.6%
- Europe continues to lead in IPV6 adoption with eight of the top 10 countries
- DDoS attacks decrease by 20% quarter-over-quarter, but rise 27% year-over-year
- 11% of global connections are “4K ready”
Akamai Technologies, Inc., the leading provider of cloud services for delivering, optimizing and securing online content and business applications, today (26 June) released its First Quarter, 2014 State of the Internet Report. Based on data gathered from the Akamai Intelligent Platform™, the report provides insight into key global statistics such as connection speeds, overall attack traffic, network connectivity/availability issues, and traffic patterns across leading Web properties and digital media providers.The report also includes insight into NTP reflection and WordPress XML-RPC pingback attacks, the status of IPv4 exhaustion and IPv6 adoption, and global 4K readiness.Data and graphics from the First Quarter, 2014 State of the Internet Report can be found on the Akamai State of the Internet site and through the Akamai State of the Internet app for iPads and iPhones.Highlights from Akamai’s First Quarter, 2014 State of the Internet Report:Global Average Connection Speeds and Global Broadband Connectivity
The global average connection speed climbed 1.8% to continue its steady growth over recent quarters, and while global average peak connection speeds dropped 8.6% in the first quarter of 2014, year-over-year trends remained positive with a 13% increase.With the global average connection speed at 3.9 Mbps as of quarter-end, it is expected that the measurement will surpass the 4 Mbps broadband threshold next quarter. In the first quarter, nine of the top 10 countries/regions saw increases in average connection speeds, including an 8% jump for first place South Korea (23.6 Mbps), which is now 9 Mbps ahead of second place Japan (14.6 Mbps). Of the top 10 countries, only the Czech Republic experienced a decrease in average connection speed, remaining in eighth place with a 1.9% drop.With the global average connection speed at 3.9 Mbps as of quarter-end, it is expected that the measurement will surpass the 4 Mbps broadband threshold next quarter. In the first quarter, nine of the top 10 countries/regions saw increases in average connection speeds, including an 8% jump for first place South Korea (23.6 Mbps), which is now 9 Mbps ahead of second place Japan (14.6 Mbps). Of the top 10 countries, only the Czech Republic experienced a decrease in average connection speed, remaining in eighth place with a 1.9% drop.Year-over-year, global average connection speeds grew by 24% and increases were seen in all but seven countries/regions. Growth ranged from a low of 0.7% in Panama (2.6 Mbps) to a high of 196% in Sudan (3.2 Mbps). South Korea showed a 145% increase from the first quarter of 2013, a growth rate that nearly tripled Ireland’s 47% increase, which ranked second in year-over-year growth among the top 10.Increases in global average peak connection speeds during the first quarter of 2014 ranged from 0.2% in Colombia (16.8 Mbps) to 76% in Sudan (13.4 Mbps). A total of 43 qualifying countries/regions saw quarter-over-quarter increases in their average peak connection speeds, whereas 92 qualifying countries/regions saw declines.The year-over-year story remains positive. Since the first quarter of 2013, global average peak connection speeds increased 13%. Yearly growth rates among the top 10 countries/regions ranged from 0.3% in Hong Kong (66 Mbps) to an impressive 206% in Uruguay (45.4 Mbps).Global high broadband (>10 Mbps) adoption rates in the first quarter improved by 9.4% quarter-over-quarter, climbing above the 20% mark for the first time, to 21%. Once again, all of the countries/regions in the top 10 had high broadband adoption rates of 30%, with South Korea (77%), Japan (54%) and Switzerland (45%) topping the list. The year-over-year growth rate was 65%, with six of the top 10 countries/regions seeing increases of 50% or more.The global broadband (>4 Mbps) adoption rate grew a nominal 1.7% from the fourth quarter of 2013 to reach 56% in the first quarter of 2014. Of the countries/regions that qualified, 76 had higher broadband adoption rates this quarter – growth ranged from 0.2% in Canada (82% adoption) to 1,208% in Sudan (21% adoption). Since the first quarter of 2013, global broadband adoption rates grew by 24%, with extremely large year-over-year upticks seen in Kenya (1,100% to 4.9% adoption), Uruguay (3,298% to 34% adoption) and Sudan (5,926%).”While there continues to be room for improvement in high broadband adoption and average peak connection speeds in some areas of the world, the trends we’re seeing remain very positive,” said David Belson, the author of the report. “Steady year-over-year growth suggests that a strong, global foundation is being built for the enjoyment of next generation content and services like 4K video and increasingly connected homes and offices, and that connectivity will continue to evolve to support the growing demands these emerging technologies will place on the Internet.”4K Readiness
With 4K (Ultra HD) adaptive bitrate streams generally requiring between 10 – 20 Mbps of bandwidth, the new “4K Readiness” metric presented for the first time in the First Quarter, 2014 State of the Internet Report highlights the percentage of connections to Akamai at speeds above 15 Mbps, with the goal of identifying candidate geographies most likely to be able to sustain such streams. The findings do not account for other “readiness” factors, including availability of 4K-encoded content or 4K-capable televisions and players.Globally, 11% of connections were at speeds of 15 Mbps or above in the first quarter. Seven of the top 10 countries/regions on the 4K readiness list overlapped with those on the global high broadband connectivity list. South Korea led the list with 60% 4K readiness while Japan had 32% of its connections at that level in the first quarter. Of the top 10, the Czech Republic had the lowest level of 4K readiness with 17%. Overall, 47 countries/regions qualified for inclusion.Attack Traffic and Security
Akamai maintains a distributed set of unadvertised agents deployed across the Internet to log connection attempts that the company classifies as attack traffic. Based on the data collected by these agents, Akamai is able to identify the top countries from which attack traffic originates, as well as the top ports targeted by these attacks. It is important to note, however, that the originating country as identified by the source IP address may not represent the nation in which an attacker resides.During the first quarter of 2014, Akamai observed attack traffic originating from 194 unique countries/regions – six more than the fourth quarter of 2013. China was again responsible for originating the most attacks, but dropped slightly from 43% in the fourth quarter of 2013 to 41% in the first quarter of 2014. The United States followed in second place, but also saw a decline from 19% to 11%, and Indonesia saw a slight uptick from 5.7% to 6.8% to secure third place. Overall, the concentration of attacks decreased significantly as compared to the fourth quarter of 2013, with the top 10 countries/regions originating 75% of observed attacks, down from 88% in the prior quarter.Port 445 (Microsoft-DS) remained the most targeted port in the first quarter of 2014, but the associated attack traffic volume was down to 14% of observed attack traffic (from 30% in the third quarter of 2013). Conversely, Port 5000 (Universal Plug & Play/UPnP) saw a significant increase during the quarter – from less than a tenth of a percent in the fourth quarter of 2013 to 12% this quarter – an increase of more than 100 times. Port 23 (Telnet) ranked third with 8.7% of observed attack traffic.Distributed Denial of Service (DDoS) Attack Traffic
In addition to observations on attack traffic, the State of the Internet Report includes insight into DDoS attacks based on reports from Akamai’s customers. The number of DDoS attacks reported in the first quarter of 2014 declined to 283 from 346 in the last quarter of 2013. This represents a 20% decrease quarter-over-quarter and a 27% increase year-over-year.Most regions of the world saw a decline in reported DDoS attacks during the first quarter of 2014. The Americas continued to account for approximately 49% (139) of all attacks, followed by the Asia Pacific region with 31% (87) of attacks and Europe, Middle East and Africa (EMEA) receiving the remaining 20% (57) of DDoS traffic. The enterprise sector saw a 49% quarter-over-quarter reduction in attack traffic, while public sector attack traffic grew by 34%, primarily attributable to attacks against government targets within Singapore.IPv4 and IPv6
In the first quarter of 2014, more than 795 million unique IPv4 addresses from 240 countries/regions connected to the Akamai Intelligent Platform. This was 1.6% more than in the fourth quarter of 2013 and 7.8% more than a year prior. Quarterly growth was seen in six of the top 10 countries/regions. Brazil was again a standout with 12% and 50% of quarterly and yearly growth, respectively.European countries continued to lead in IPv6 adoption, taking eight of the top 10 slots. Belgium grew nearly 200% quarter-over-quarter, jumping to first place with 14% of its traffic over IPv6. The United States and Peru were the only two countries from the Americas within the top 10, while Japan fell out of the top 10, leaving the Asia Pacific region unrepresented within the group.The report also lists the top 20 network providers based on their number of IPv6 requests made to Akamai during the first quarter. The highest request volumes came from cable and wireless providers in the United States. Verizon Wireless had the highest percentage (45%) of requests over IPv6, while 12 other providers also had more than 10% of their requests to Akamai over IPv6 during the first quarter. European providers were also heavily represented, including three providers from Belgium with strong showings. KDDI (Japan) and Telekom Malaysia were the only two providers to represent the Asia Pacific region, while Telefonica del Peru was the only South American provider on the list.Mobile Connectivity
In the first quarter of 2014, average mobile connection speeds ranged from 1.0 Mbps in Argentina to 14.7 Mbps in South Korea. Though the latter was the only country/region with average mobile connection speeds above the 10 Mbps high-broadband threshold, 20 countries/regions had average connection speeds above the 4 Mbps threshold. A total of 56 countries/regions qualified for inclusion in the mobile section. Note that starting with the First Quarter, 2014 State of the Internet Report, mobile connectivity is being aggregated at a country level, rather than at a provider level.Average peak mobile connection speeds among qualifying countries spanned a broad range, from 114.2 Mbps in Australia down to just 5.0 Mbps in Iran. In total, 43 countries showed average peak connection speeds above 10 Mbps.The State of the Internet Report now includes a broadband adoption statistic within the Mobile Connectivity section. This quarter, Ukraine had the highest level of mobile broadband adoption, with 89% of mobile connections to Akamai from the country at speeds above 4 Mbps.About the Akamai State of the Internet Report
Each quarter, Akamai publishes a “State of the Internet” report. This report includes data gathered from across the Akamai Intelligent Platform about attack traffic, broadband adoption, mobile connectivity and other relevant topics concerning the Internet and its usage, as well as trends seen in this data over time. To learn more and to access the archive of past reports, please visit www.akamai.com/stateoftheinternet. To download the figures from the First Quarter, 2014 State of the Internet Report, please visit: http://wwwns.akamai.com/soti/soti_q114_figures.zip.About Akamai
Akamai® is the leading provider of cloud services for delivering, optimizing and securing online content and business applications. At the core of the Company’s solutions is the Akamai Intelligent Platform™ providing extensive reach, coupled with first class reliability, security, visibility and expertise. Akamai removes the complexities of connecting the increasingly mobile world, supporting 24/7 consumer demand, and enabling enterprises to securely leverage the cloud. To learn more about how Akamai is accelerating the pace of innovation in a hyperconnected world, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.