The State of the Internet/Security Report released by Akamai Technologies that analysed more than 7.3 trillion bot requests per month, found a sharp increase in the threat of credential abuse, with more than 40 percent of login attempts being malicious.
According to the Ponemon Institute, credential stuffing attacks can cost businesses as much as $2.7 million on an annual basis. In addition, Akamai’s data further indicates that DDoS attacks remain a consistent threat and the Mirai botnet is still capable of strong bursts of activity.
Akamai researchers have seen recent hacker activity turning to exploit remote code execution vulnerabilities in enterprise-level software to make enterprise systems part of the botnet threat. For example, hackers have been exploiting vulnerabilities in the GoAhead embedded HTTP server—which has 700,000 potential targets—and Oracle WebLogic Server. Aided by the disclosure of Spectre and Meltdown earlier this year, both vulnerabilities open the door to a new wave of attacks, including the surreptitious installation of crypto mining programs that tie up computing resources.
“A key motive of attackers has always been financial profit. In the past few years, we have seen adversaries move to more direct methods to achieve that goal such as ransomware,” said Martin McKeay, senior security advocate and senior editor, State of the Internet / Security Report. “Crypto mining offers attackers the most direct avenue to monetize efforts by putting money immediately into their cryptowallets.”
Akamai’s findings also confirmed that the total number of DDoS attacks last quarter (Q4 2017) increased 14 percent from the same time last year (Q4 2016). While previous reports from this year showed the intensity of the Mirai botnet fading, Akamai saw a spike of nearly 1 million unique IP addresses from the botnet scanning the Internet in late November, showing that it is still capable of explosive growth.
The report also found that the hospitality industry suffered as the biggest target of fraudulent credential attacks, with 82 percent of their login attempts being from malicious botnets.
Meanwhile, the financial industry saw a sharp increase in the number of DDoS attacks, experiencing 298 DDoS attacks against 37 distinct organisations last quarter.
“Increased automation and data mining have caused a massive flood of bot traffic to impact websites and Internet services. Although most of that traffic is useful for Internet businesses, cybercriminals are looking to manipulate the powerful volume of bots for nefarious gains,” said McKeay. “Enterprises need to watch who is accessing their sites to differentiate actual humans from both legitimate and malicious bots. Not all web traffic and not all bots are created equal.”