Akamai uses data from the content distribution network to compile reports on things like broadband speeds and data usage trends. Their security report for Q1 2017 reveals that the nature of DDoS attacks has been changing recently.
We are not seeing as many massive DDoS attacks with the median size of DDoS attacks falling steadily since the beginning of 2015 when it was 4 Gbps to just over 500 Mbps this year. And while large attacks do still occur, smaller, more targeted DDoS incursions seem to be on the rise.
For example, the largest attack of Q1 2017 was the DNS Water Torture Attack which peaked at 120 Gbps. This was generated by a Mirai tool and targeted Akamai customers in the financial service industry.
The data in the report, when viewed in isolation, is interesting but when you look at the data over a longer period, it’s interesting to note how threat actors shift between different vectors over time. So while reflection attacks were down this quarter, web application attacks were up.