akamai’s [state of the internet]

Q4 2015 executive review

[state of the internet] / Q4 2015 executive review

2 Download the full reports at www.stateoftheinternet.com

about the review / Akamai, the world’s leading

content delivery network (CDN) provider, uses

its globally distributed Intelligent PlatformTM to

process trillions of Internet transactions each day.

This allows us to gather massive amounts of data on

many metrics related to broadband connectivity, cloud

security, and media delivery. The State of the Internet

program was built to leverage that data in order to

better enable businesses and governments to make

intelligent, strategic decisions. Each quarter, Akamai

uses this data to publish reports in the State of the

Internet program focused on broadband connectivity

and cloud security.

[state of the internet] / Q4 2015 executive review

3 Download the full reports at www.stateoftheinternet.com

GLOBAL BROADBAND LEADERS

5.6 Mbps /Global Average

Connection Speed

32.5 Mbps /Global Average

Peak Connection Speed

Country/Region Q4 2015Avg. Mbps

– Global 5.6

1 South Korea 26.7

2 Sweden 19.1

3 Norway 18.8

4 Japan 17.4

5 Netherlands 17.0

6 Hong Kong 16.8

7 Latvia 16.7

8 Switzerland 16.7

9 Finland 16.6

10 Denmark 16.1

Country/Region Q4 2015Peak Mbps

– Global 32.5

1 Singapore 135.7

2 Hong Kong 105.2

3 South Korea 95.3

4 Macao 83.1

5 Japan 82.9

6 Indonesia 79.8

7 Mongolia 78.9

8 Taiwan 78.8

9 Qatar 77.8

10 Romania 73.6

Global Top 10 / Average Peak Connection SpeedsGlobal Top 10 / Average Connection Speeds

internet and broadband adoption / The State of the Internet / Connectivity Report is now in its 8th year of publication. In it, Akamai reports extensively on global Internet connection speeds, network connectivity/availability issues, and IPv6 adoption progress.

[state of the internet] / Q4 2015 executive review

4 Download the full reports at www.stateoftheinternet.com

Broadband Adoption / This section illustrates the global leaders for the highest percentage of unique ip addresses connecting to Akamai with average connection speeds above four separate thresholds.

Available IPv4 Space Continues Steady Decline:

IPv4

Ad

dre

sses

(Mill

ions

)

0

5

10

15

20

25

30

35

45

40

1-Oct 8-Oct 15-Oct 22-Oct 29-Oct 26-Nov 3-Dec 10-Dec 17-Dec 24-Dec 31-Dec5-Nov 12-Nov 19-Nov

RIPENCCLACNICAPNICAFRINIC

Available IPv4 Address Pool Size by RIR, Q4 2015

97%4+ Mbps

81%10+ Mbps

South KoreaSouth Korea

63%15+ Mbps

South Korea

37%25+ Mbps

South Korea

DOWNLOAD THE FULL REPORT

TAPHERE

IPv4 Exhaustion and IPv6 Adoption / Country with the highest percentage of

content requests made to Akamai over IPV6:

37%OF TRAFFIC OVER IPv6

Belgium

[state of the internet] / Q4 2015 executive review

5 Download the full reports at www.stateoftheinternet.com

Total Number of IPv4 Address Pool Size by RIR, Q4 2015IP

v4 A

dd

ress

es (M

illio

ns)

0

2

4

6

8

10

12

1-Oct 8-Oct 15-Oct 22-Oct 29-Oct 26-Nov 3-Dec 10-Dec 17-Dec 24-Dec 31-Dec5-Nov 12-Nov 19-Nov

RIPENCCLACNICARINAPNICAFRINIC

[state of the internet] / Q4 2015 executive review

6 Download the full reports at www.stateoftheinternet.com

CLOUD SECURITY

YEAR-OVER-YEAR STATS [Q4 2014 – Q4 2015]

149% increase in total DDoS attacks

169% increase in infrastructure layer (layers 3 & 4) DDoS attacks

49% decrease in the average DDoS attack duration: 14.95 vs. 29.33 hours

44% decrease in DDoS attacks > 100 Gbps: 5 vs. 9

28% increase in total web application attacks

29% increase in web application attacks over HTTP

24% increase in web application attacks over HTTPS

12% increase in SQLi attacks

LARGEST ATTACK

Q4 2015

Q3 2015

309 Gbps

149 Gbps

Cloud Security / The q4 2015 State of the Internet / Security Report combines DDoS attack data on the routed network with web application and DDoS attack data from the Akamai Intelligent Platform™.

DDoS Update / Attack activity over the routed network continued to surge, once again setting a record for the number of DDoS attacks and increasing 149% compared with attacks just one year ago. At the same time, average peak bandwidth, volume, and duration have decreased, continuing a trend from the past year as malicious actors have come to rely on stresser/booter sites instead of botnets. Booter/stresser sites rely heavily upon reflection techniques to fuel attacks and are less capable of producing high bandwidth and volume.

[state of the internet] / Q4 2015 executive review

7 Download the full reports at www.stateoftheinternet.com

Repeat DDoS attacks were the norm, with an average of 24 attacks per targeted customer. Three targets were subject to more than 100 attacks each, and one customer alone suffered 188 attacks — more than two per day for the quarter.

Fifty-six percent of the DDoS attacks mitigated in Q4 2015 were multi-vectored; 3% used five or more attack types.

Five attacks exceeded 100 Gbps, including one attack against a customer in the software and technology sector that peaked at 309 Gbps and 202 Mpps. The software and technology industry was targeted in 23% of the attacks, while gaming was targeted 54% of the time.

While the median size of DDoS attacks has varied only slightly in recent quarters, the number of attacks has continued to grow dramatically since 2013.

The boxes for each quarter represent the middle 50% of attacks by attack size, while each dot represents an individual attack. The size axis has a logarithmic scale; the upper attacks are many thousands of times larger than the lower ones.

0.100

10.000

0.001

DDoS Size and Frequency as a Function of Time

Gb

ps

Quarter

Q4 2013 Q2 2015 Q3 2015 Q4 2015Q1 2014 Q2 2014 Q3 2014 Q4 2014 Q1 2015

[state of the internet] / Q4 2015 executive review

While we have observed attacks in excess of 200 Mpps for three quarters in a row, the vast majority of attacks remain under the 30 Mpps threshold. The attacks exceeding 200 Mpps are indicators of large DDoS botnets and well-connected, powerful servers. These high packet rates would likely hinder or completely halt communications on low to even mid-range networking devices.

Since Q4 2013, the median packet rate has hovered around 1 Mpps, as shown by the tight cluster of bubbles near the bottom of the graph. Each bubble represents one attack.

Turkey / 22% Korea / 9%China / 28% USA / 15% Mexico / 8%

Top 5 source countries for DDoS attacks in Q4 / Non-spoofed attacking IP addresses by source country for DDoS attacks mitigated during Q4 2015

50

100

150

200

0

The DDoS Attack Packet Rate, Q4 2013 – Q4 2015

Mp

ps

Quarter

Q4 2013 Q2 2015 Q3 2015 Q4 2015Q1 2014 Q2 2014 Q3 2014 Q4 2014 Q1 2015

8 Download the full reports at www.stateoftheinternet.com

[state of the internet] / Q4 2015 executive review

9 Download the full reports at www.stateoftheinternet.com

Scanning & Probing Activity / Telnet was the top scanned destination port by a wide margin, accounting for 24% of what was scanned. NetBIOS followed with 9% and ms-ds accounted for 7%. ssh accounted for 6%, while sip and https each accounted for 4% and http accounted for 3%. http-alt, rdp, and mssql each accounted for 2%, and the remaining 37% of scanning went to other destination ports. These scanning targets indicate high concentrations of brute-force scanning across the Internet as malicious actors search for vulnerabilities.

Web Application Attack Statistics / In q4, local file inclusion (lfi) and sql injection (SQLi) attacks were the most prevalent web application attack vectors; lfi was used in 41% of the attacks, followed by SQLi (28%) and PHPi (22%). There was a 28% increase in web application attacks compared to Q3. Once again the retail industry was hit hardest, targeted in 59% of the attacks. The media & entertainment (10%) and hotel & travel (10%) sectors were the next frequently targeted industries.

Once again, the u.s. was the main source of web application attacks (56%), and sites within the u.s. were the most common attack targets (77%).

14

12

10

8

6

4

2

0

Perc

enta

ge

Industry

Ret

ail P

erce

ntag

e

70

60

50

40

30

20

10

0

9.87

Media &Entertainment

FinancialServices

7.37

9.83

Hotel &Travel

4.23

HighTechnology

PublicSector

1.31

Other

3.88

Manufacturing

1.93

Retail

58.55

ConsumerGoods

3.02

Web Application Attacks by Industry, Q4 2015

[state of the internet]

EditorDavid Belson

DesignShawn Doughty, Creative DirectionBrendan O’Hara, Art Direction/Design

Contactstateoftheinternet@akamai.comTwitter: @akamai_soti / @akamai www.stateoftheinternet.com

[state of the internet] / secur i ty

State of the Internet / Security TeamDavid Fernandez, Editor in ChiefKimberly Gomez, Project ManagerBill Brenner, Managing EditorJose Arteaga, Data Visualization and ResearchEzra Caltum, Web Application Threat ResearchMartin McKeay, Senior EditorJon Thompson, Threat Data ModelingRyan Barnett, Threat ResearchPatrick Laverty, Security Research

DesignShawn Doughty, Creative DirectionBrendan O’Hara, Art Direction/Design

Contactstateoftheinternet@akamai.comTwitter: @State_Internet / @akamaiwww.stateoftheinternet.com

©2016 Akamai Technologies, Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited. Akamai and the Akamai wave logo are registered trademarks. Other trademarks contained herein are the property of their respective owners. Akamai believes that the information in this publication is accurate as of its publication date; such information is subject to change without notice. Published 03/16.

Akamai is headquartered in Cambridge, Massachusetts in the United States with operations in more than 57 offices around the world. Our services and renowned customer care are designed to enable businesses to provide an unparalleled Internet experience for their customers worldwide. Addresses, phone numbers, and contact information for all locations are listed on www.akamai.com/locations.

As the global leader in Content Delivery Network (cdn) services, Akamai makes the Internet fast, reliable, and secure for its customers. The company’s advanced web performance, mobile performance, cloud security, and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise, and entertainment experiences for any device, anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.

Download the Ful l Reports

[state of the internet] report

Q4 2015

[state of the internet] / security report

Q4 2015