The number and intensity of DDoS attacks have sharply increased in the first quarter of 2017, according to a new report by Neustar. There have been more than twice as many DDoS attacks of more than 50 Gbps in the past year as compared to 2016, with 45 percent of attacks being more than 10 Gbps and 15 percent being at least 50 Gbps.
Of the 1,010 organizations survey 849 were affected by DDoS attacks, an increase of 15 percent from last year, and of those organizations attacked, 86 percent were attacked more than once.
Interestingly, 99 percent of the organizations studied invest in anti-DDoS solutions but many of them are proving to not be successful, with 36 percent of organizations saying they should invest more to protect themselves from such attacks. In addition, organizations took longer to identify and respond to attacks. Attackers have learned how to tease defenses, probe network vulnerabilities, and execute more lethal strikes. Most concerning is that half of those attacked needed at least three hours to detect and half need more than three hours to respond
“If a company has not prepared any plans for dealing with a large-scale DDoS attack, then it’s very common that customers experience the failure first due to the nature of how consumers interact with a web property.” said Barrett Lyons, head of Neustar’s Security Research And Development department. “The attacks happen quickly, and initially, without proper planning, it’s unclear if it’s a DDoS or some other catastrophic failure. With an internet presence of websites and applications being such a primary intersection between businesses and customers, problems that create traffic jams or disrupt communication are far more noticed by everyone than they used to be.”
In another report, Deloitte’s Technology, Media and Telecommunications predicted what the Neustar report seems to confirm, that in 2017 attack sizes have increased from 1.25 Gbps to 1.50 Gbps. The report went on to warn that the increasing amount of Internet of Things (IoT) devices are worrying due to their potential to be abused by DDoS attackers to infiltrate an organization.
Attackers have been using compromised IoT devices to build botnets such as Mirai and others to use in DDoS attacks against a variety of targets for the last couple years, including DNS providers, hosting providers, and colleges.
Image: Steve, CC by-nc-sa license.