Akamai's latest quarterly report records significant changes in the scale and type of attacks being executed, as observed by one of the largest internet infrastructure companies in the world and supplemented by additional data sources. Akamai published the report today (January 23, 2013) and I am nearly through it; a few striking details shift how I will recommend clients identify, consider, and mitigate risks. The top two items that are significant (one obvious) and important:
- China held its spot as the #1 source of observed attack traffic at 33%, with the United States #2 at 13% (not a huge surprise, but an affirmation for many).
- The attack traffic seen during the activist (Operation Ababil) DDoS campaign was roughly 60x larger than the greatest volume Akamai had previously recorded for similar activist-related attacks. The volume, intensity, and strategy of these attacks matter because few organizations factor a sixty-fold increase into their risk mitigation calculations.
About the Akamai State of the Internet report
Each quarter, Akamai publishes a “State of the Internet” report. This report includes data gathered from across the Akamai Intelligent Platform about attack traffic, broadband adoption, mobile connectivity and other relevant topics concerning the Internet and its usage, as well as trends seen in this data over time. Please visit www.akamai.com/stateoftheinternet
You can request access to the report (registration required) here, and the individual images from the report are available here. There is also a great set of write-ups coming out here and here.
Senior leadership (board of directors, audit committee members, CIO, COO) must ensure these realities are absorbed into the organization's business processes. The leadership and strategy shifts required to tackle these evolutions remain an executive responsibility.
James DeLuccia IV
*See me speak at RSA 2013 in February on “The Death of Passwords”
There is a great deal of misinformation regarding the denial of service attack that has been ongoing. While many of the facts are not yet fully available, the misinformation is plainly visible.
- First, a denial of service attack (DoS, or DDoS when distributed across many machines) can be launched from anywhere in the world.
- Second, such an attack is typically carried out using computers that have been infected by malware, unbeknownst to their users or owners.
- Third, such attacks can be coordinated through multiple locations; the end result is that there is no absolutely clear view of who originated the crime.
The Wall Street Journal article, New Web Attacks Hit Some South Korean Sites, today blended two stories together: the cyberattack that is currently under way, and loose ties to how North Korea is undergoing leadership changes and becoming more aggressive militarily (a weak correlation, to be sure). Another story at The Hankyoreh paper (link is in English and also available in Korean) states that 26,000 computers in South Korea were executing the DDoS attack. It provides an interesting perspective on how this attack differs from others. It is inaccurate, however, for them to be physically examining a computer (as shown in the picture included in the article) and its chips to determine the cause of the attack; the cause is malware (MyDoom, Conficker, etc.).
Additional articles with information on this denial of service attack:
The security industry has been warning of the danger of allowing such malware to infect systems, and the result is now evident. Yet this attack is being orchestrated with only 26,000 computers. The University of California researchers had control of over 182,914 hosts, nearly 7 times more systems, and this one ongoing attack is from a single geographic location.
A note of caution: attacks such as this create a lot of noise, and that noise can be used to conceal the illicit activities of criminals. In the security and audit world we expect, and have in place, technology to trigger alerts and initiate security protocols when such events occur. If the number of events exhausts the available resources, however, prioritization begins to play a part. Businesses and governments must consider these conditions and risks when responding to such situations.
Situations such as these should evoke thought and action, but not necessarily motion. As Benjamin Franklin put it quite eloquently, “Never confuse motion with action.” It would be ill advised for governments to erect vast regulatory bodies, czars, or committee reviews of this situation; the cause and solution are known, and only precise action and response are required.
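The prioritization problem above, as an added example that is not part of the original post: a volumetric attack from thousands of bots produces thousands of near-identical alerts, and a queue worked first-in-first-out starves the few unrelated but far more dangerous events that land in the same window. The script below collapses each flood signature (same rule, same target) into one summary alert carrying the count and the number of distinct sources, and passes everything else through so it is not drowned. All alert data, rule names, hosts and IP addresses are constructed for the example; the threshold of 100 is an assumption a real SOC would tune.

```python
"""Triage a flood of DDoS alerts without losing the low-volume events.

Added example, not code from the original post. Every alert below is
constructed: a SYN flood from ~200 bot addresses against one web host,
plus two unrelated events (a privileged login from a new country and a
large outbound transfer) that an attacker would be happy to hide behind
the flood.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    ts: int          # epoch seconds (constructed)
    rule: str        # detection rule name (constructed)
    src: str         # source IP (constructed, RFC 5737 / RFC 1918 ranges)
    dst: str         # destination host (constructed)
    severity: int    # 1 (low) .. 5 (critical)


def make_constructed_alerts(flood_size=5000):
    """Build the constructed alert stream: flood_size SYN-flood alerts
    spread over 200 bot addresses, with two rare events buried inside."""
    alerts = []
    for i in range(flood_size):
        bot = f"198.51.100.{i % 200}"          # 200 distinct bot sources
        alerts.append(Alert(1000 + i, "syn_flood", bot, "www.example.org", 3))
        if i == 1200:                           # buried during the flood
            alerts.append(Alert(1000 + i, "admin_login_new_country",
                                "203.0.113.7", "vpn.example.org", 5))
        if i == 3100:                           # also buried
            alerts.append(Alert(1000 + i, "large_outbound_transfer",
                                "10.0.0.44", "db01.example.org", 4))
    return alerts


def triage(alerts, flood_threshold=100):
    """Collapse any (rule, dst) pair seen more than flood_threshold times
    into one summary record; pass every other alert through unchanged.
    Returns the reduced queue ordered by severity (highest first), then
    by first-seen time, so the analyst sees the rare events on top."""
    groups = defaultdict(list)
    for a in alerts:
        groups[(a.rule, a.dst)].append(a)

    queue = []
    for (rule, dst), items in groups.items():
        if len(items) > flood_threshold:
            # One summary line stands in for the whole flood; the distinct
            # source count is what tells you this is a botnet, not one host.
            queue.append({
                "rule": rule,
                "dst": dst,
                "severity": max(a.severity for a in items),
                "first_seen": min(a.ts for a in items),
                "last_seen": max(a.ts for a in items),
                "count": len(items),
                "distinct_sources": len({a.src for a in items}),
                "summary": True,
            })
        else:
            for a in items:
                queue.append({
                    "rule": a.rule, "dst": a.dst, "severity": a.severity,
                    "first_seen": a.ts, "last_seen": a.ts, "count": 1,
                    "distinct_sources": 1, "summary": False, "src": a.src,
                })

    queue.sort(key=lambda q: (-q["severity"], q["first_seen"]))
    return queue


if __name__ == "__main__":
    for item in triage(make_constructed_alerts()):
        print(item)
```

Run stand-alone it prints three records instead of 5002: the admin login, the outbound transfer, and a single flood summary reporting 5000 alerts from 200 distinct sources. The aggregation key is deliberately (rule, dst) rather than source address, because in a distributed attack the sources are the part that does not repeat.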
Contrary Thoughts / Insights into the actual originators?
James DeLuccia IV
I will be speaking at RSA 2009 Europe; please register and join the discussion on the future of data security and privacy (links coming soon).