Distributed denial of service (DDoS) attacks represent the most common method used to breach organizations, according to research conducted by cloud delivery platform provider Akamai Technologies.
Key findings from Akamai's "Summer 2018 State of the Internet/Security: Web Attack" report included:
- Akamai recorded 7,822 mitigated DDoS attacks between summer 2017 and summer 2018.
- There were increases in DDoS (16 percent), infrastructure-layer (16 percent), reflection-based (4 percent) and application-layer (38 percent) attacks year over year.
- The largest DDoS attack measured 1.35 Tbps.
DDoS attacks are easy to launch and disruptive to organizations, Akamai indicated. As such, organizations should expect to see larger, more destructive DDoS attacks before the end of the year.
Cybercriminals Target the Hospitality Industry
Akamai identified approximately 112 billion bot requests and 3.9 billion malicious login attempts against websites belonging to airlines, cruise lines, hotels, online travel, automotive rental and transportation organizations. In addition, nearly 40 percent of web traffic across hotel and travel sites was classified as "impersonators of known browsers."
Russia, China and Indonesia directed about half of their credential abuse activity at hotels, cruise lines, airlines and travel sites, according to Akamai. Also, attack traffic origination against the hospitality industry from China and Russia combined was three times the amount of attacks originating in the United States.
How Can Organizations Address DDoS Attacks?
The Internet threat landscape is "strange and unpredictable," Akamai noted in its report. As bandwidth grows and Internet connectivity continues to extend worldwide, the risk of DDoS attacks and other cyberattacks is increasing for organizations of all sizes and across all industries.
Today's organizations must track global attack traffic trends and analyze cyber threats, Akamai stated. Cybercriminals use intelligent, adaptive tactics to bypass cybersecurity software and tools, Akamai said, and maintaining agility ensures security teams, developers and network operators can act quickly to identify and address cyber threats.
Organizations also must evaluate the health of their networks, Akamai pointed out. They can use packet captures to identify the nature of a cyberattack, along with the tool used to launch the attack.
In addition, the security community "can never grow complacent," Akamai Senior Security Advocate Martin McKeay said. If organizations update their cybersecurity strategies regularly, they may be able to stop cyberattacks before they escalate.