Distributed Denial of Service (DDoS) attacks have continued in high numbers and with high average and peak bandwidths, according to Akamai's Prolexic Q2 2014 Global DDoS Attack Report.
Compared to the second quarter of 2013, there was a 22% increase in total DDoS attacks and 72% increase in average attack bandwidth. Compared to the first quarter of 2014, there was a 0.2% decrease in total DDoS attacks and a 14% decrease in average attack bandwidth.
When building server-side botnets, attackers have been targeting Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS) vendors with server instances running software with known vulnerabilities, such as versions of the Linux, Apache, MySQL, PHP (LAMP) stack and Microsoft Windows server operating systems.
They have also targeted vulnerable versions of common web Content Management Systems (CMS) such as WordPress and Joomla or their plugins.
While the use of server-based botnets has increased, the itsoknoproblembro (Brobot) botnet, also based on server infection, has remained a threat. Attacks in the second quarter of 2014 provided indications that the botnet is still in place from its earlier use in the Operation Ababil attacks against financial institutions in 2011-2013. Once thought to have been cleaned up, it appears the botnet has been surreptitiously maintained.
Reflection and amplification attacks were more popular in the second quarter of 2014 as compared to the same period in 2013, representing more than 15% of all infrastructure attacks.
These attacks take advantage of the functionality of common internet protocols and misconfigured servers. While the use of NTP reflection attacks was down significantly in the second quarter of 2014, likely due to community cleanup work, SNMP reflector attacks surged during the quarter, filling the void.