State of the Internet Security Report Q3 2017

The third quarter of 2017 had its share of cyber security disasters and we’ve made sure to report on each and every network or application attack that happened during these months in our quarterly State of the Internet Security Report, where everything presented in this article is illustrated in greater detail.

Though we haven’t seen attacks of the same magnitude as the ones generated last year, the Mirai botnet is neither gone nor forgotten. This quarter has also seen two attacks that exceeded 100 Gbps, with one reaching 104 Gbps and a second measuring 109 Gbps.

Book a demo today to see GlobalDots is action.

Optimize cloud costs, control spend, and automate for deeper insights and efficiency.

Book a demo today to see GlobalDots is action.

One of key points this quarter was also the Yahoo breach update, which affected a whooping number of 3 billion accounts on the platform instead of previously reported 1 billion.

Equifax, a major credit reporting company also announced it was compromised and that they’ve exposed sensitive data of 146 million US citizens.

Merck, a pharmaceutical giant and FedEx have announced losses in excess of $300 million each from the impact of NotPetya malware campaign this quarter as well.

A stylized 3D representation of the Earth with colorful lines indicating global network connections.
Image Source

There’s an interesting mix of changes going on in regards to DDoS trends this quarter. While the overall attacks are up 8% compared to the previous quarter, they’re still down 3% from the same time the previous year.

Also, after trending downward for the past couple quarters, the median attack size trended upward in the third quarter, returning to the record levels of 2016.

Surprisingly, the highest number of unique IP addresses involved in DDoS attacks came from Germany this time, while in Q2 the largest number of IP addresses originated from Egypt.

When looking at the DDoS attack frequency across industry verticals in the third quarter, the Gaming industry suffered a lion’s share, with 86% of DDoS attacks being directed at their assets, up from 82% in the previous quarter.

Bar chart showing DDoS attack frequency by industry for Q3 2017 and Q2 2017

To see full information about emerging trends click here to download the full report.

Distributed Denial of Service Activity

The momentum continued from the last quarter into this one as well and this resulted in a significant increase of the total number of DDoS attacks – 69% more web alerts recorded year over year. Specifically, the jump happened in September and the average number of attacks per target rose to a new high for 2017 of 36 per target.

There are speculations that the spike in September’s traffic can potentially be explained as correlating with the return of students to school. While these are only speculations, it is possible the rise in attacks traffic could be linked to students sharing information and trying new techniques that they might have learned during the summer break in North America, the UK and Europe, among other places.

The top three vectors for Q3 were UDP fragments, DNS and NTP, as shown below:

Bar chart showing DDoS attack vector frequency for Q3 2017.

Click here to see the full report

Web Application Attacks

There was a significant jump in web attacks as well. Overall the number rose by 30% in Q3 while the number of attacks in the US jumped 48% over what was documented in Q2. The overall number jumped 69% year over year.

SQL injection attacks are still prevalent which means organizations haven’t taken the necessary precautions to sanitize data input and protect their applications. Given that this is now well known, attackers will use this information to continue to exploit these vectors to gain access to systems.

Most of the web application attacks this quarter came from US, Russia and the Netherlands as shown below:

World map showing source countries for web application attacks in Q3 2017

Click here to see the full report

Looking Forward

Both monetary and emotional aspects, which are the most prevalent motivators of attack dynamics, will strongly influence the behavior in the fourth quarter. The most important leverage for cyber criminals will be the fact that the final quarter is critical for merchants, making the merchants more likely to pay an extortion letter threatening an attack.

On the other hand, defenders are getting better at working together and sharing important information to help detect and combat attacks. GlobalDots will continue to bring cutting-edge insight into the ever-changing landscape of attacks and attack tools – delivering the insight to help you and your team protect your organization.

The original report and the research behind it is originally created and conducted by the Akamai research team and you can download the full report by clicking here.

Latest Articles

Vulnerability Assessments vs. Penetration Testing: Key Differences, Use Cases & Best Practices

They’re not interchangeable. A vulnerability assessment identifies known flaws at scale. A penetration test mimics an actual attacker probing for impact. Yet many teams treat them the same. They substitute one for the other, check a compliance box, and move on as if they’re covered. They’re not. And that gap shows up later in real-world […]

Ganesh The Awesome
7th July, 2025
Web Application Firewalls (WAFs): The Evolving First Line of Defense in Cloud Security

Modern applications are built for speed, not simplicity. Containers, microservices, and cloud-native deployments have blown up the security perimeter. Traditional tools can’t keep up with this complexity. That’s why Web Application Firewalls (WAFs) matter. But the WAF of 2025 isn’t just an appliance sitting in front of a static website. It’s a flexible, cloud-aware security […]

Ganesh The Awesome
7th July, 2025
What is an API Security Audit?

 In January 2024, a misconfigured API exposed 650,000 private messages. These included passwords and internal communications. No exploit chain. No zero-day. Just a public-facing endpoint with no authentication. This wasn’t an isolated incident. From T-Mobile and Twitter (now X) to Kronos Research and the US Treasury, attackers have consistently used APIs as entry points. They […]

Ganesh The Awesome
26th June, 2025
The Ultimate API Security Checklist for 2025

APIs are now the top attack vector in enterprise apps. In 2024 alone, breaches tied to APIs cost an average of $4.88 million, and that number is rising fast. Attackers exploit gaps in API authentication, input validation, and outdated endpoints to compromise systems. Legacy controls no longer suffice, and the OWASP API Top 10 outlines […]

Ganesh The Awesome
26th June, 2025

Unlock Your Cloud Potential

Schedule a call with our experts. Discover new technology and get recommendations to improve your performance.

    GlobalDots' industry expertise proactively addressed structural inefficiencies that would have otherwise hindered our success. Their laser focus is why I would recommend them as a partner to other companies

    Marco Kaiser
    Marco Kaiser

    CTO

    Legal Services

    GlobalDots has helped us to scale up our innovative capabilities, and in significantly improving our service provided to our clients

    Antonio Ostuni
    Antonio Ostuni

    CIO

    IT Services

    It's common for 3rd parties to work with a limited number of vendors - GlobalDots and its multi-vendor approach is different. Thanks to GlobalDots vendors umbrella, the hybrid-cloud migration was exceedingly smooth

    Motti Shpirer
    Motti Shpirer

    VP of Infrastructure & Technology

    Advertising Services