Automated attacks using stolen ID on the rise

Automated attacks using stolen ID on the rise (matejmo via iStock)

The number of automated cyber attacks being made using stolen passwords and identification is on the increase, a new survey has found.

According to the Akamai State of the Internet Report 2017, a key trend last year was the growing trend for botnets such as the Android-based WireX to infect devices.

In the case of WireX, around 150,000 devices were infected over the course of a few weeks, demonstrating how swiftly mobiles could be captured and exploited. 

The botnet was taken down at a fairly early stage by the combined efforts of several companies in collaboration, with the report stating that this demonstrated how vital such cooperation is in dealing with this kind of cyber threat. 

Among the more notable trends was a shift during the course of the year in the number of web application attacks. 

Over 2017 as a whole, the tally of attacks was ten per cent up on 2016, with a 31 per cent increase in attacks arising in the US. SQLi attacks were also up ten per cent.

However, this trend reversed towards the end of the year, with the final quarter seeing a nine per cent rise in the total number of web application attacks compared with the third quarter. SQLi attacks were down by the same amount and US-based attacks fell 29 per cent.

This may suggest that the nature of attacks has altered, not least as security experts have increasingly got wise to them and have established better defences. 

DDoS attacks showed similar trends. There was a year-on-year rise of four per cent overall and reflection-based attacks were up by the same amount. There was also a 14 per cent rise in infrastructure layer attacks at layers 3 and 4. Application layer attacks soared by 22 per cent. 

However, once again these fell away late in the year. In the final quarter, total attacks were down quarter-on-quarter by just under a percentage point, with infrastructure layer 3 and 4 attacks down one per cent. Reflection-based attacks dipped three per cent and there was a dramatic 115 per cent fall in application layer attacks.