Distributed denial of service (DDoS) attacks are nothing new. Computing looked into the impact that the cyber attacks could have on an organisation back in 2012 and urged CIOs to take notice because of the devastating financial and reputational damage that they can cause. Since then, DDoS attacks have continued to increase, in both size and volume.
Neustar’s 2015 DDoS Attacks and Protection Report found that 50 per cent of businesses believe that DDoS is a bigger risk than a year ago. It found that most companies are hit multiple times – the number of those hit only once dropped by 30 per cent – and despite 40 per cent of organisations spending more on DDoS protection than a year ago, those same organisations feel their investment should be greater still.
Among the companies surveyed, 34 per cent said their longest attack lasted one or two days, 56 per cent said it was less than a day, while eight per cent complained the DDoS attack took their systems down for three days or more.
However, security firm Corero’s latest quarterly report suggests that high volume, long duration attacks are not the only type of attack to worry about.
“The majority of the attacks targeting Corero customers were less than five minutes in duration, with 96 per cent of attacks lasting less than 30 minutes,” the report said.
This suggests that attackers are trying out new forms of assault – bursts of damaging attack traffic as opposed to prolonged events.
According to the Corero report, for which research was conducted by the Ponemon Institute, the average data centre downtime due to a DDoS attack was 86 minutes, and the cost per minute during this downtime was $8,000 (£5,465). Neustar found that for every hour a site is down during peak business, almost 40 per cent of companies would lose over £100,000 – a 470 per cent increase year on year. Corero revealed that the average cost per customer per DDoS outage was $720,000 (£491,930).
Neustar found that among those companies who were attacked in 2014, the biggest proportion (39 per cent) had been hit between two and five times. Nearly a quarter (24 per cent) had been attacked between six and 10 times, and three per cent of companies said that they had lost count of the number of times they had been attacked.
Neustar and Corero’s results differed when it came to the attack size in terms of bandwidth. Corero found that the majority of its customers (79 per cent) were targeted by attacks with bandwidth less than 5Gbps and duration less than 10 minutes. However, only 32 per cent of 2014’s victims surveyed by Neustar were targeted by a DDoS attack of less than 5Gbps. Over a third (35 per cent) were targeted by attacks between 5.0 and 19.9Gbps. Six per cent were hit by traffic with a bandwidth of between 50Gbps and 100Gbps, and only two per cent found themselves on the receiving end of huge DDoS attacks with a bandwidth of 100Gbps or more.
Corero said DDoS attacks are getting even more sophisticated as attackers implement techniques to profile the nature of the target network’s defences, and use other tools to implement second- and third-wave attacks to circumvent an organisation’s security.
So what are companies doing to protect themselves and mitigate attacks?
According to the Neustar report, within the financial services sector, 40 per cent of businesses are investing in hybrid DDoS protection. It said that eight out of 10 financial companies choose a hybrid solution when a DDoS outage would result in peak-hour losses of over £100,000.
To defeat the new breed of sophisticated attacks, Corero suggests that companies need “real-time analysis to determine the need to customise detection filters and block the attack immediately”.
Neustar found that when companies come under DDoS attack the majority (60 per cent) deploy between two and five employees to mitigate the cyber threat. Over a fifth of firms (21 per cent) use six to 10 employees, and 16 per cent of companies release 10 or more members of the team to deal with the threat. Three per cent of companies rely on just one employee to mitigate the attack.
Neustar adds: “Of course, attackers count on this – the more people focused on the DDoS attack, the fewer eyes watching for other threats like malware or virus installation.”