A new report from Corero finds that distributed denial of service (DDoS) attacks are on the rise. In a DDoS attack, hackers flood networks with illegitimate traffic in order to sap bandwidth and prevent legitimate users from accessing computer systems and data.
According to the report, organizations faced an average of eight attacks per day in the second quarter of 2018, a whopping 40 percent year-over-year increase. Most of these are lower-volume attacks involving less than 5Gbps of data. They are also relatively short-lived, with 77 percent lasting 10 minutes or less and 63 percent lasting five minutes or less.
Moderate-sized, short-duration attacks can be difficult to identify, yet they can hamper business operations and the customer experience. They can also be enough to cause a firewall or intrusion prevention system (IPS) to go down, enabling the attacker to access the network, install malware and steal data.
A separate report by NexusGuard finds that high-volume attacks have also increased dramatically. In the second quarter of 2017, the average DDoS attack size was 4.1Gbps and the maximum was 63.7Gbps. In the second quarter of 2018, the average was 26Gbps and the maximum was 359Gbps. NexusGuard attributes these increases to the use of unsecured Internet of Things (IoT) devices to create giant botnets that conduct the attacks.
Hackers launch DDoS attacks for a variety of reasons. The attacks are often used to test for vulnerabilities and disguise other nefarious activity. In some cases, DDoS attacks are launched by disgruntled former employees seeking revenge. Competition can also be a motive. In one survey, 48 percent of respondents said they believed that DDoS attacks were the work of unscrupulous competitors seeking to disrupt their business and tarnish their brand.
DDoS attacks are also launched by hackers with a desire to bring down the networks of government agencies or large organizations as a political statement or for their own amusement. However, extortion, blackmail and revenge are often the motives behind these large-scale DDoS attacks.
DDoS attacks don’t require advanced skills to execute. In fact, they can be launched by so-called DDoS-for-hire services — cybercriminal operations that charge as little as $2 an hour for an attack.
Many organizations wrongly assume that they’re already protected from these types of attacks. Research by Kaspersky Lab found that 49 percent of organizations rely on their existing security hardware, while 40 percent think their Internet service provider (ISP) will provide protection. In reality, however, neither of these defenses will stop today’s “smart” attacks, which are difficult to filter using standard methods.
Thirty percent of organizations fail to take action because they think they are unlikely to be targeted by DDoS attacks. Surprisingly, 12 percent even admit to thinking that a small amount of downtime due to a DDoS attack would not cause a major issue for the company. However, any company can be targeted, and the potential cost of an attack can be millions of dollars.
Organizations need to take steps to protect vulnerable systems and networks. Even a modest-sized DDoS attack can easily overwhelm the capabilities of traditional firewalls, IPSs and other security tools. In fact, older security devices can even exacerbate the attack because they are unable to separate legitimate from illegitimate traffic.
As DDoS attacks have become more complex, sophisticated and frequent, organizations need to take proactive measures to stop them. A defense-in-depth posture that leverages up-to-date security tools offers the best protection against the growing threat of DDoS attacks.