DDoS Hits Closer to Home in 2017: Trends & Emerging Threats


As a colocation company that provides a DDoS Mitigation service to customers, we keep current with DDoS activity and emerging threats in our industry and others. We’ve noticed more frequent attacks in recent months, and medium to large companies aren’t the only ones dealing with the onslaught. Smaller organizations are increasingly getting hit with DDoS threats and attacks. In the final quarter of 2016, the U.S. moved into first place as the number one source country for DDoS attacks.

According to Akamai’s State of the Internet Security Report, there was a 16% increase in total DDoS attacks from Q3 to Q4 of the previous year, and 73% of all organizations surveyed experienced one or more DDoS attacks in 2016. In fact, 85% of these were attacked repeatedly. These numbers vary by DDoS protection provider, but the numbers continue to trend upward overall. The trend is expected to continue as attacks become the norm for organizations of all sizes.

Ransom Is the Primary Attack Motive

[Graphic: DDoS attack motives, 2016]

Ransom has become the primary motive for hackers, and this includes DDoS for ransom. Not only are hackers directly threatening organizations with DDoS attacks to make money, they also engage in DDoS for hire, which has become a norm. Anyone can simply order a DDoS attack on a company or organization and pay cybercriminals to do it. Radware states the demand for these crimes is currently outpacing supply. Vendors offering application exploits can generate thousands of dollars from getting just one taker on the Darknet.

Radware’s Global Network Application & Security Report states that 56% of organizations reported cyber-ransom attacks in 2016, and 41% of companies say that ransom is the greatest motive for an attack on their organization. Only 25% stated this as the primary motive for an attack in 2015. This is a 64% increase year over year.

Another growing motive for hackers to conduct DDoS attacks is to cover up security breaches. According to Corero, DDoS attacks can serve as a smokescreen while hackers plan or execute data breaches. The chaos of a DDoS attack allows hackers to map networks for executing other cybercrimes, or to install malware while firewalls or Intrusion Prevention Systems (IPS) are offline.

The Rise of the Permanent DDoS Attack

Permanent DDoS attacks irreparably damage hardware, requiring it to be repaired or replaced. Permanent DDoS attacks (also known as PDoS) have been around for a while, but Radware predicts that these attacks will become more common, especially through the use of data center technologies and devices connected to the Internet of Things.

Methods of accomplishing such attacks include remote administration using management interfaces as well as firmware manipulation. A hacker may exploit vulnerabilities to replace a device’s basic software with a defective firmware image. This process is known as flashing.

Attacks Increase in Size

Attackers are increasingly using DNS, DNSSEC and the Internet of Things to amplify attacks, which is what we have seen recently with 1+ TBps attacks using Mirai-controlled bots. Last year we saw one of the largest DDoS attacks in history (Dyn) due to the use of Mirai bots. IoT devices are the ideal tools for large attacks because they lack sufficient endpoint protection, and there are still no regulations or standards for securing these devices. According to Akamai’s State of the Internet Security Report, there was a 140% increase in attacks greater than 100 Gbps from Q4 2015 to Q4 2016.

In spite of the overwhelming size of these volumetric botnet attacks, it’s important to keep in mind the average size of a DDoS attack is around 1.15 Gbps, according to Arbor Networks. Even though attack size is increasing, 80% of all attacks are still less than 1 Gbps.

Hybrid DDoS Protection a Necessity

[Graphic: survey of obstacles to DDoS protection]

If your company’s livelihood depends on online services, it is time to ensure that your organization is adequately protected from DDoS attacks. Around three-quarters of organizations experienced DDoS attacks last year, and the numbers continue to rise. About 78% of organizations have now implemented some type of DDoS protection. Around 50% of these companies have implemented an on-premises-only solution. This, along with a lack of cybersecurity talent, could partly explain why the largest obstacle to cyber defense for many companies is a lack of manpower, as seen in the graphic above. Attack size is increasing, and organizations that lack hybrid protection (a combination of on-premises and cloud-based scrubbing) are more vulnerable than ever.

Learn more about Data Foundry’s hybrid DDoS Mitigation service, or download the complete service brochure.