DDoS attacks on the rise again and size doesn’t matter
4 December 2018
Sean Newman, director of Corero Network Security, discusses how the surge in the frequency of DDoS attacks shapes today’s threat landscape and what organisations should do to protect themselves from even the smallest of attacks
Organisations today are heavily reliant on the internet to function and if anything is done to disrupt this availability, it can have catastrophic repercussions on the way those organisations operate. Distributed Denial of Service (DDoS) attacks, in particular, can inflict the gravest consequences on a business and cause damage to a brand’s reputation, customer trust and revenue.
What is even more staggering is that the frequency of DDoS attacks has once again risen in the past year. Indeed, according to a recent report from Corero Network Security, organisations faced an average of eight attacks per day in Q2 2018, an increase of 40 percent compared to the same quarter in 2017.
However, while frequency has increased, the duration of attacks has decreased, with 77 percent lasting ten minutes or less, of which 63 percent lasted five minutes or less.
So, how does the surge in the frequency of DDoS attacks shape today’s threat landscape and what should organisations do to protect themselves from even the smallest of attacks?
A growing number of smaller, low-volume DDoS attacks
The increase in DDoS-for-hire services and unsecured internet of things (IoT) devices has turned DDoS attacks into an everyday occurrence for organisations around the globe. However, for all the hype around the large, volumetric attacks, they still represent a tiny fraction of all the DDoS attacks which take place on a daily basis.
Corero researchers confirm they are seeing a larger number of short-duration, low-volume attacks crippling organisations’ networks and wreaking havoc. It is precisely the large number and small size of these DDoS attacks that makes them so dangerous. The prevalence of low-level, sub-saturating attacks should raise at least as much concern as high-volume attacks.
After all, it is not as if cyber criminals cannot launch those large-scale attacks. Instead, they are purposefully choosing to launch smaller attacks as these can often evade detection and prove to be more effective overall. These smaller, shorter attacks typically evade detection by most legacy and homegrown DDoS mitigation tools, which are generally equipped with detection methods that are blind to this level of activity. This allows hackers to perfect their attack techniques while remaining under the radar and leaving security teams blindsided by future attacks.
Attackers have turned to this attack technique as they can deliver more sophisticated attacks, with very little effort. Indeed, by design, these types of surgical attacks have numerous benefits for the attackers; they don’t need to use as much of their valuable resources to launch the attacks and the attacks come in under the radar of less sophisticated legacy DDoS protection solutions.
For this reason, organisations should be wary of being quick to claim that their business systems have not been affected by a DDoS attack, because this can be extremely difficult to ascertain. This ultimately means that no website or online application is immune to DDoS, and any size DDoS attack is cause for alarm.
Most organisations know that even a few minutes of downtime can prove costly for the company’s bottom line and customer confidence, and will result in overall reputation damage. Network and web service availability are crucial to ensuring customer satisfaction and sustaining customer trust and confidence in a brand.
These indicators are vital to both the retention and acquisition of customers in highly competitive markets. When an end user is denied access to Internet-facing applications, or network outages degrade their experience, it immediately impacts brand reputation.
Industry’s best practices
The combination of the size, frequency and duration of modern attacks represents a serious security and availability challenge for victims. One of the biggest issues associated with short, low-volume attacks is the fact that they are often overlooked, which can prove a huge and costly mistake.
Regardless of the motivations behind DDoS attacks, or the techniques used by hackers, those threats remain one of the biggest challenges for online organisations nowadays.
Perhaps most concerning is that, if organisations don’t have the right protection in place, they could be unknowingly suffering service impact and minor outages that they would attribute to other IT issues, due to the lack of visibility.
To keep up with the growing sophistication and organisation of well-equipped and well-funded threat actors, it is essential that organisations maintain comprehensive visibility and automated mitigation capabilities across their networks, to instantly detect and block any DDoS attacks, regardless of their size, as they arise.