Why have DDoS attack attempts doubled in the last six months?

21 Nov 2017

The Reaper botnet is a major threat according to a new report. Image: By Andrew Mayovskyy/Shutterstock

As cybercrime continues to shift and adapt, DDoS attacks on businesses are becoming more frequent.

The internet is the backbone of how the majority of organisations and companies conduct their daily business, and it has broadened considerably in scope since its inception thanks to the internet of things (IoT), cloud computing and larger connections. This reliance on the internet means that if it goes down, chances are the businesses relying on it will lose out along with it. DDoS (distributed denial of service) threats, have become much more sophisticated and commonplace as cyber-criminals seek to find new ways to wreak havoc.

According to leading security firm Corero, organisations it surveyed encountered an average of eight DDoS attacks per day in its report tracking Q2 and Q3 trends. Earlier in the year, the Corero Q1 report saw four daily attacks reported by survey participants. So, why have these attacks doubled in a mere six months?

Lowering the barriers to entry

Ashley Stephenson, CEO at Corero, explained: “The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.

“Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device. Cyber-criminals try to harness more and more internet-connected devices to build ever-larger botnets. The potential scale and power of IoT botnets has the ability to create internet chaos and dire results for target victims.”

Two distinct attack types

Corero notes two distinct attack types emerging: “Sophisticated, multi-vector attacks, aimed to deceive and overrun traditional IT security measures, made up a significant portion of the attacks observed this year. Service flood attacks aim to saturate the bandwidth target victim, resulting in service outages, downtime and latency.”

Cyber-criminals are also switching methods from volumetric to multi-vector attacks. RDoS, or ransom denial-of-service attacks, made a significant comeback in Q3 2017, with a widespread wave of these attacks from the Phantom Squad hacker group kicking this off. This extortion campaign launched messages demanding bitcoin payment, with promise to execute attacks on 30 September unless the demands were met.

The security flaws in IoT are well-documented and are prime targets for botnet activity. The Reaper botnet was cited by Corero as much more dangerous than the Mirai botnet of late 2016.

Most DDoS attacks are not large in scale

Although large-scale DDoS attacks are the ones making global news headlines, Corero said that this is not what businesses should be focusing on: “Frequent, modest-sized, short-duration DDoS attacks are the modern-day problem, as they regularly cause the most damage.”

Roughly 96pc of mitigated DDoS attacks were less than 5Gbps in volume in both Q2 and Q3 of 2017. Attacks also tend not to last for long time periods, with 65pc of attacks in Q2 lasting 10 minutes or less and 71pc of Q3’s attacks lasting for the same amount of time.

Another key insight from the report is the use of DDoS attacks to distract security personnel, allowing hackers to penetrate a network and to plant ransomware or malware. Rather than a denial of service, these attacks need to be viewed as a denial of security, masking things like data theft and network infiltration.

Corero recommends those tasked with IT security should have a continuously evolving knowledge of the threat landscape, discuss DDoS with their ISP, and implement real-time threat mitigation and detection systems: “Proactive DDoS protection is a critical element in proper cybersecurity against loss of service availability and data breach activity.”

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com