The timing of DDoS attacks was distributed more evenly in Q4, a DDoS trend that appears to be fueled by an increasing number of targets of greater value in previously underrepresented geographic locations.
In addition, geographical sources of malicious traffic have shifted. The United States and China continued as the lead source countries for DDoS traffic, but instead of the Brazil, Russia, India and China (BRIC) block that dominated in Q3 2014, Q4 DDoS attack traffic came in large part from the United States, China and Western Europe.
A look into botnets
Malware is often used for DDoS botnet expansion. Malware trends – multiplatform, operating system awareness, and destructive malware – are described in the Security Report. In addition, Akamai profiled multiple web application attack botnets using a new analysis technique that takes advantage of data gleaned from the Akamai Intelligent Platform.
The identified botnets were set up to automate the discovery of web application vulnerabilities for Remote File Inclusion (RFI) and Operating System (OS) Command Injection attacks. Akamai researchers profiled the botnets by identifying malicious code resource URLs and payloads that were identical among seemingly unrelated attacks. An attack payload was used to aggregate data and map botnet activity, actors and victim web applications. This profiling technique can help identify more attack sources.
While denial of service attacks impacts site performance significantly, web crawlers can also affect site performance to a lesser degree. The most poorly coded crawlers may even resemble DDoS traffic. Akamai classifies web crawlers based on desirability and impact on site performance.