A reversal? Large-scale DDoS attacks take recent dip

Massive denial of service attacks were largely missing from the internet this summer, according to new research from Akamai.

The second quarter of 2017 marks the first time in three years that the company didn’t see a denial of service attack measuring over 100 gigabits per second. That’s down from two such attacks at the beginning of 2017, Akamai’s Martin McKeay told CyberScoop.

The biggest attack of the quarter saw PBot DDoS malware used to launch a 75 gigabits per second attack using 400 nodes against a financial organization. That’s an extraordinarily small number of nodes compared to the usual scope of these attacks, which can reach into the tens of thousands. Even so, the weaponized traffic was significant.

The small number of nodes but large traffic from the PBot attack was characteristic of trends throughout the quarter. Akamai saw a 28 percent increase in DDoS attacks, but the number of unique IP addresses used fell, suggesting at least a temporary shift away from the kind of mass take-overs of various IoT devices exemplified by the Mirai botnet spotted throughout 2016.


The Mirai botnet has been used in multiple attacks, including, most famously, last October's attack against the Domain Name System provider Dyn, which brought down major websites including Twitter, Amazon and the New York Times.

For reference, the 2016 Mirai denial of service attack against journalist Brian Krebs reached 620 Gbps.

“We aren’t certain, but our research into the Pbot malware suggests that we’re going back to a cycle where the attacks are coming from servers, rather than IoT devices,” McKeay said. “The largest attack this quarter only used 400 IP addresses, compared to the thousands used in an IoT based attack.”

Targets range widely, but the gaming industry is taking more punches than normal. According to Akamai, the frequency of attacks targeting this industry is up to “81 percent of all volumetric DDoS attacks.” The extreme sensitivity of video game servers to lag makes the industry an obvious target. Additionally, the number of DDoS attacks recorded spiked in June, suggesting the possibility that, for a lot of people, this is an after-school activity. One of Akamai’s customers suffered 558 attacks.

Whatever Akamai learned in recent months, they put little stock in stagnation. Change is a constant in this arena.


“DDoS is a cyclic phenomenon,” the researchers wrote. “The chaos we’ve seen in the DDoS field over the past year has been monumental, and there’s little reason to believe the evolution has reached a stable plateau.”

Written by Patrick Howell O'Neill

Patrick Howell O’Neill is a cybersecurity reporter for CyberScoop based in San Francisco.