Optimal Protection against Cyber Attacks
Manfred Fochler from Akamai explores the impact of DDoS attacks, and describes a mitigation case study of the football team FC Bayern Munich
Through its globally deployed Intelligent Platform, Akamai has strong visibility into broadband connectivity, media delivery and cloud security. Based on these assets, Akamai protects enterprises and other organizations against various threats such as DDoS attacks.
On its globally distributed Intelligent Platform, Akamai – the global leader for Content Delivery Network (CDN) services – processes trillions of Internet transactions each day. From these fundamental metrics, including Internet connection speeds, network connectivity, availability issues, and cloud security as well as traffic patterns across leading web properties and digital media providers, key trends can be derived. Based on this data, Akamai publishes its State of the Internet / Connectivity and State of the Internet / Security Reports each quarter.
Botnets are fueled by compromised IoT devices
During the last few months of 2016, Akamai saw an increasing number of DDoS attacks. Two notable attacks took place in September, one at 555 Gbps and the other at 623 Gbps. They were two of the biggest attacks ever experienced. The latter was the work of Mirai, a malware-based botnet fueled by compromised Internet of Things (IoT) devices, and the Mirai botnet spread astoundingly fast. Mirai uses Telnet together with default usernames and passwords to infect devices, which then receive further instructions while scanning for additional weak spots.
Akamai’s State of the Internet / Security Report for the third quarter of 2016 provided detailed information about DDoS and web application attack trends. The report described, for example, how mega attacks continued to evolve. Especially noteworthy: of the 19 mega attacks with more than 100 Gbps, 13 targeted the media and entertainment sector, four targeted the gaming industry, and two targeted software & technology companies.
In spring 2016, Akamai published a white paper about how corporations can manage professional bots, covering, for example, aggressive bot behavior, methods used by botnets and how to mitigate them. For many organizations, bots represent a remarkable share of their overall site traffic, ranging from good bots engaged in essential business tasks to bad bots performing harmful activities. The white paper, entitled “Scrapers and Bot Series Managing Professional Bots”, explains, based on a few examples, how attacks use different scrapers, bots and DDoS methods to increase the load on networks, web servers, and backend databases. Even large sports clubs, which are strategically focused on international business, can become a target of cyber attacks.
FC Bayern Munich mitigated DDoS Attack in November 2016
On 5 November 2016, FC Bayern, a German football club and Akamai customer, reported an incident. For two hours, the website login dialogue (login.fcbayern.com) was under heavy attack. FCBayern.com provides exclusive and personalized content, simple competition participation, easy access to offers, and many services for fans and club members. The website is an important business and marketing tool for the football club.
The website team of FC Bayern received 928,052 logins on 5 November 2016, which corresponds to 128 logins per second. The attack was also flagged by Akamai’s web application firewall (WAF), which FC Bayern had in use. As the WAF was configured to monitor every request, the attack was mitigated and subsequently analyzed. The attacking IPs were detected and isolated so that "normal" registrations could be processed cleanly while the WAF held off malicious traffic. This attack on FC Bayern was also reported to the German police, in order to find the culprits. “Thanks to Akamai’s technology, our users were not affected at all”, said Michael Fichtner, Chief Information Officer at FC Bayern Munich.
Please note: The opinions expressed in Industry Insights published by dotmagazine are the author’s own and do not reflect the view of the publisher, eco – Association of the Internet Industry.