Today, Monday 5 October, Corero Network Security launched its detailed mid-year report on the current state of DDoS attacks based on its global customers' experience.
Corero notes that attackers continue to leverage sub-saturating DDoS attacks with growing frequency. Attackers use shorter attack durations to evade defences and the report shows how DDoS scrubbing solutions can cause disruption in a network, often used to distract victims while other malware penetrates networks and steals customer information and company data.
Corero customers experienced about 4.5 DDoS attacks per day in Q2 2015, a 32 percent increase on Q1. The report found that a majority of attacks were less than less than 10Gbps and lasted less than 30 minutes. A rise in attacks was blamed on the increasing availability of cheap (sometime free) DDoS attack tools such as botnets-for-hire. These tools are simple to launch and can be used with complete anonymity.
Corero also analysed DDoS mitigation actions by about 100 online enterprises in a survey. The results show nearly 75 percent of respondents would like their internet service providers to offer more security services to prevent DDoS traffic from entering their networks. Ninety percent of respondents are willing to pay for a premium DDoS defence. A majority are willing to assign between five and 10 percent of their overall ISP spend to secure this service.
“As companies continue to combat the increasing onslaught of cyber-attacks, including DDoS, they are turning to their service providers to aid them,” said Dave Larson, CTO and VP, product, of Corero. “Carriers are in a unique position to effectively eliminate the impact of DDoS attacks on their customers by surgically removing the attack traffic transiting their networks. This type of DDoS protection as a service is in high demand among enterprise customers.”
A survey conducted by Kaspersky Lab and B2B International showed that in most cases, a DDoS attack is only the “tip of the iceberg”. Nearly 75 percent of respondents representing the corporate sector stated that DDoS attacks against their companies corresponded with other IT security incidents.
In the survey, respondents cited malware (21 percent) and hacking (22 percent) as the leading threats to their companies. DDoS was chosen as the most dangerous threat by only six percent. However, DDoS attacks often coexist with malware incidents (45 percent of the time) and corporate network intrusions (in 32 percent of all cases). Data leaks were also detected with DDoS attacks in 26 percent of cases.
Longer page loading times still remained the most common aftermath of DDoS attacks (53 percent this year vs. 52 percent last year), but the survey says attacks can last for days, even weeks.
“It is natural that DDoS attacks are increasingly causing companies problems. The methods and techniques used by criminals are evolving, with attackers looking for new ways of ‘freezing' their victims' operations or masking intrusion into their systems. Even with a large staff of IT professionals it is almost impossible for companies to handle a serious DDoS attack and recover their services on their own. Moreover, if other malicious activity is going on at the same time, this multiplies the damage. The most dangerous part is that companies may never learn they were subjected to DDoS smokescreening,” says Evgeny Vigovsky, head of Kaspersky DDoS protection, Kaspersky Lab.
AT&T reported a 62 percent increase in DDoS attacks over the past two years in its new Cyber-security insights report, “What every CEO needs to know about cyber-security—decoding the adversary”.
Igal Zeifman, senior digital strategist at Imperva compares these numbers to Imperva's DDoS findings from Q3: "These numbers are in line with what we see on our network. Specifically, we saw double the number of attacks, accounting for a 116 percent increase in the number of daily attacks on our clients, just in the last three months. We also noticed that, in this period, the attacks grew shorter in duration.
"Looking at both data sets, we think that the influx in the number of attack is a result of two different trends. The first is a growing adoption of hit-and-run DDoS tactics, with more perpetrators preferring to launch multiple periodic attacks to a single prolonged assault. The second is an increase in popularity of DDoS-for-hire tools that allow anyone to launch a short-living DDoS attack for a laughable cost. "
“In order to effectively protect their networks, prevent disruptions to customer operations, and better protect against data theft and financial loss, companies need real-time visibility and mitigation of all DDoS attack traffic targeting their networks, regardless of size or duration,” Larson concludes.