With powerful botnets emerging so frequently, it is no wonder that DDoS attacks remain a prevalent threat in today’s cybersecurity landscape. Today’s botnets leverage not only the power of infected computers; they can also potentially attack any device that is connected to the IoT. Because a DDoS attack does not require a great deal of hacking prowess, reckless script kiddies and black hats alike are able to wreak havoc on people, governments, and businesses. As recent research suggests, these attacks have increased at an even more alarming rate than once believed.
A report from the cybersecurity research firm Corero uncovered numerous statistics about the present-day threat landscape with regard to DDoS attacks. The report drew on Corero’s own customer base for statistical proof that the DDoS threat was increasing, and the results were unnerving. The first notable set of statistics from the report is the following:
“In the last quarter (Q3 2017), Corero customers experienced an average of 237 attacks per month, an increase of 35% compared to Q2 2017 (175 attacks)... Worryingly, we saw an average of 8 attack attempts per customer, per day in Q3 2017 — double what was observed in Q1 2017.”
Based on this data, and especially given the high-profile attacks in the last year, Corero wanted to investigate the nature of these DDoS attacks. It found that large attacks like those carried out with the infamous Mirai botnet were not the norm. Instead, around 96 percent of the attacks in Quarter 2 and Quarter 3 averaged a size of less than 5GB, and 71 percent of these lasted 10 minutes or less (which was up from last year’s total of 5 percent).
The actual nature of these attacks was also studied in the report. Two interesting attack methods stood out. The first, multi-vector attacks, seek to “launch both infrastructure-based and application-based DDoS payloads” that “profile the nature of the target network’s security defenses, and implement second or third attacks designed to circumvent an organization’s layered protection strategy.”
The second attack method was a service flood which, as the name implies, is an assault on systems via various flooding methods (SYN flood, ACK flood, and others). A service flood attempts a total knockdown of connectivity and all core functions tied to bandwidth.
Corero concluded its report with the main takeaways of its research: proactive and evolving DDoS protection is vital. The report states the following to drive home this point:
“It’s essential that organizations maintain comprehensive visibility and automated mitigation capabilities across their networks to instantly detect and block any potential DDoS attacks as they arise.”
I recommend reading the entire report to help better understand how to protect yourself against the current DDoS threats, but no matter what, you should seek to secure yourself against these attacks as soon as possible. You will never be able to fully prevent all DDoS attacks, but proactive efforts can give you a fighting chance to save your network.