Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
akamai’s [state of the internet]
Q4 2015 executive review
[state of the internet] / Q4 2015 executive review
2 Download the full reports at www.stateoftheinternet.com
about the review / Akamai, the world’s leading
content delivery network (CDN) provider, uses
its globally distributed Intelligent PlatformTM to
process trillions of Internet transactions each day.
This allows us to gather massive amounts of data on
many metrics related to broadband connectivity, cloud
security, and media delivery. The State of the Internet
program was built to leverage that data in order to
better enable businesses and governments to make
intelligent, strategic decisions. Each quarter, Akamai
uses this data to publish reports in the State of the
Internet program focused on broadband connectivity
and cloud security.
[state of the internet] / Q4 2015 executive review
3 Download the full reports at www.stateoftheinternet.com
GLOBAL BROADBAND LEADERS
5.6 Mbps /Global Average
Connection Speed
32.5 Mbps /Global Average
Peak Connection Speed
Country/Region Q4 2015Avg. Mbps
– Global 5.6
1 South Korea 26.7
2 Sweden 19.1
3 Norway 18.8
4 Japan 17.4
5 Netherlands 17.0
6 Hong Kong 16.8
7 Latvia 16.7
8 Switzerland 16.7
9 Finland 16.6
10 Denmark 16.1
Country/Region Q4 2015Peak Mbps
– Global 32.5
1 Singapore 135.7
2 Hong Kong 105.2
3 South Korea 95.3
4 Macao 83.1
5 Japan 82.9
6 Indonesia 79.8
7 Mongolia 78.9
8 Taiwan 78.8
9 Qatar 77.8
10 Romania 73.6
Global Top 10 / Average Peak Connection SpeedsGlobal Top 10 / Average Connection Speeds
internet and broadband adoption / The State of the Internet / Connectivity Report is now in its 8th year of publication. In it, Akamai reports extensively on global Internet connection speeds, network connectivity/availability issues, and IPv6 adoption progress.
[state of the internet] / Q4 2015 executive review
4 Download the full reports at www.stateoftheinternet.com
Broadband Adoption / This section illustrates the global leaders for the highest percentage of unique ip addresses connecting to Akamai with average connection speeds above four separate thresholds.
Available IPv4 Space Continues Steady Decline:
IPv4
Ad
dre
sses
(Mill
ions
)
0
5
10
15
20
25
30
35
45
40
1-Oct 8-Oct 15-Oct 22-Oct 29-Oct 26-Nov 3-Dec 10-Dec 17-Dec 24-Dec 31-Dec5-Nov 12-Nov 19-Nov
RIPENCCLACNICAPNICAFRINIC
Available IPv4 Address Pool Size by RIR, Q4 2015
97%4+ Mbps
81%10+ Mbps
South KoreaSouth Korea
63%15+ Mbps
South Korea
37%25+ Mbps
South Korea
DOWNLOAD THE FULL REPORT
TAPHERE
IPv4 Exhaustion and IPv6 Adoption / Country with the highest percentage of
content requests made to Akamai over IPV6:
37%OF TRAFFIC OVER IPv6
Belgium
[state of the internet] / Q4 2015 executive review
5 Download the full reports at www.stateoftheinternet.com
Total Number of IPv4 Address Pool Size by RIR, Q4 2015IP
v4 A
dd
ress
es (M
illio
ns)
0
2
4
6
8
10
12
1-Oct 8-Oct 15-Oct 22-Oct 29-Oct 26-Nov 3-Dec 10-Dec 17-Dec 24-Dec 31-Dec5-Nov 12-Nov 19-Nov
RIPENCCLACNICARINAPNICAFRINIC
[state of the internet] / Q4 2015 executive review
6 Download the full reports at www.stateoftheinternet.com
CLOUD SECURITY
YEAR-OVER-YEAR STATS [Q4 2014 – Q4 2015]
149% increase in total DDoS attacks
169% increase in infrastructure layer (layers 3 & 4) DDoS attacks
49% decrease in the average DDoS attack duration: 14.95 vs. 29.33 hours
44% decrease in DDoS attacks > 100 Gbps: 5 vs. 9
28% increase in total web application attacks
29% increase in web application attacks over HTTP
24% increase in web application attacks over HTTPS
12% increase in SQLi attacks
LARGEST ATTACK
Q4 2015
Q3 2015
309 Gbps
149 Gbps
Cloud Security / The q4 2015 State of the Internet / Security Report combines DDoS attack data on the routed network with web application and DDoS attack data from the Akamai Intelligent Platform™.
DDoS Update / Attack activity over the routed network continued to surge, once again setting a record for the number of DDoS attacks and increasing 149% compared with attacks just one year ago. At the same time, average peak bandwidth, volume, and duration have decreased, continuing a trend from the past year as malicious actors have come to rely on stresser/booter sites instead of botnets. Booter/stresser sites rely heavily upon reflection techniques to fuel attacks and are less capable of producing high bandwidth and volume.
[state of the internet] / Q4 2015 executive review
7 Download the full reports at www.stateoftheinternet.com
Repeat DDoS attacks were the norm, with an average of 24 attacks per targeted customer. Three targets were subject to more than 100 attacks each, and one customer alone suffered 188 attacks — more than two per day for the quarter.
Fifty-six percent of the DDoS attacks mitigated in Q4 2015 were multi-vectored; 3% used five or more attack types.
Five attacks exceeded 100 Gbps, including one attack against a customer in the software and technology sector that peaked at 309 Gbps and 202 Mpps. The software and technology industry was targeted in 23% of the attacks, while gaming was targeted 54% of the time.
While the median size of DDoS attacks has varied only slightly in recent quarters, the number of attacks has continued to grow dramatically since 2013.
The boxes for each quarter represent the middle 50% of attacks by attack size, while each dot represents an individual attack. The size axis has a logarithmic scale; the upper attacks are many thousands of times larger than the lower ones.
0.100
10.000
0.001
DDoS Size and Frequency as a Function of Time
Gb
ps
Quarter
Q4 2013 Q2 2015 Q3 2015 Q4 2015Q1 2014 Q2 2014 Q3 2014 Q4 2014 Q1 2015
[state of the internet] / Q4 2015 executive review
While we have observed attacks in excess of 200 Mpps for three quarters in a row, the vast majority of attacks remain under the 30 Mpps threshold. The attacks exceeding 200 Mpps are indicators of large DDoS botnets and well-connected, powerful servers. These high packet rates would likely hinder or completely halt communications on low to even mid-range networking devices.
Since Q4 2013, the median packet rate has hovered around 1 Mpps, as shown by the tight cluster of bubbles near the bottom of the graph. Each bubble represents one attack.
Turkey / 22% Korea / 9%China / 28% USA / 15% Mexico / 8%
Top 5 source countries for DDoS attacks in Q4 / Non-spoofed attacking IP addresses by source country for DDoS attacks mitigated during Q4 2015
50
100
150
200
0
The DDoS Attack Packet Rate, Q4 2013 – Q4 2015
Mp
ps
Quarter
Q4 2013 Q2 2015 Q3 2015 Q4 2015Q1 2014 Q2 2014 Q3 2014 Q4 2014 Q1 2015
8 Download the full reports at www.stateoftheinternet.com
[state of the internet] / Q4 2015 executive review
9 Download the full reports at www.stateoftheinternet.com
Scanning & Probing Activity / Telnet was the top scanned destination port by a wide margin, accounting for 24% of what was scanned. NetBIOS followed with 9% and ms-ds accounted for 7%. ssh accounted for 6%, while sip and https each accounted for 4% and http accounted for 3%. http-alt, rdp, and mssql each accounted for 2%, and the remaining 37% of scanning went to other destination ports. These scanning targets indicate high concentrations of brute-force scanning across the Internet as malicious actors search for vulnerabilities.
Web Application Attack Statistics / In q4, local file inclusion (lfi) and sql injection (SQLi) attacks were the most prevalent web application attack vectors; lfi was used in 41% of the attacks, followed by SQLi (28%) and PHPi (22%). There was a 28% increase in web application attacks compared to Q3. Once again the retail industry was hit hardest, targeted in 59% of the attacks. The media & entertainment (10%) and hotel & travel (10%) sectors were the next frequently targeted industries.
Once again, the u.s. was the main source of web application attacks (56%), and sites within the u.s. were the most common attack targets (77%).
14
12
10
8
6
4
2
0
Perc
enta
ge
Industry
Ret
ail P
erce
ntag
e
70
60
50
40
30
20
10
0
9.87
Media &Entertainment
FinancialServices
7.37
9.83
Hotel &Travel
4.23
HighTechnology
PublicSector
1.31
Other
3.88
Manufacturing
1.93
Retail
58.55
ConsumerGoods
3.02
Web Application Attacks by Industry, Q4 2015
[state of the internet]
EditorDavid Belson
DesignShawn Doughty, Creative DirectionBrendan O’Hara, Art Direction/Design
[email protected]: @akamai_soti / @akamai www.stateoftheinternet.com
[state of the internet] / secur i ty
State of the Internet / Security TeamDavid Fernandez, Editor in ChiefKimberly Gomez, Project ManagerBill Brenner, Managing EditorJose Arteaga, Data Visualization and ResearchEzra Caltum, Web Application Threat ResearchMartin McKeay, Senior EditorJon Thompson, Threat Data ModelingRyan Barnett, Threat ResearchPatrick Laverty, Security Research
DesignShawn Doughty, Creative DirectionBrendan O’Hara, Art Direction/Design
[email protected]: @State_Internet / @akamaiwww.stateoftheinternet.com
©2016 Akamai Technologies, Inc. All Rights Reserved. Reproduction in whole or in part in any form or medium without express written permission is prohibited. Akamai and the Akamai wave logo are registered trademarks. Other trademarks contained herein are the property of their respective owners. Akamai believes that the information in this publication is accurate as of its publication date; such information is subject to change without notice. Published 03/16.
Akamai is headquartered in Cambridge, Massachusetts in the United States with operations in more than 57 offices around the world. Our services and renowned customer care are designed to enable businesses to provide an unparalleled Internet experience for their customers worldwide. Addresses, phone numbers, and contact information for all locations are listed on www.akamai.com/locations.
As the global leader in Content Delivery Network (cdn) services, Akamai makes the Internet fast, reliable, and secure for its customers. The company’s advanced web performance, mobile performance, cloud security, and media delivery solutions are revolutionizing how businesses optimize consumer, enterprise, and entertainment experiences for any device, anywhere. To learn how Akamai solutions and its team of Internet experts are helping businesses move faster forward, please visit www.akamai.com or blogs.akamai.com, and follow @Akamai on Twitter.
Download the Ful l Reports
[state of the internet] report
Q4 2015
[state of the internet] / security report
Q4 2015