If your clients aren’t worried about Distributed Denial of Service (DDoS) attacks, they may need to pay more attention.
The number of DDoS attacks in the first quarter of this year doubled compared with the year-earlier quarter, according to ID-systems vendor Neustar. Nearly half came through multiple attack vectors. And the biggest attack size has gotten much larger.
Nearly 1 in 4 members of Neustar’s International Security Council says DDoS attacks are the single most serious threat to their networks. In NIST’s January survey of its members, respondents said their other top attack threats include system compromise (21%), ransomware (15%) and financial theft (also 15%). Here’s the breakdown, courtesy of Neustar:
As you probably know, DDoS attacks are particularly nasty. The attacker’s goal: make an online service unavailable by overwhelming it with traffic from multiple sources.
These attacks are surprisingly cheap, too. For as little as $150, an attacker can buy a black market, week-long DDoS attack, according to Digital Attack Map. DDoS attacks now number more than 2,000 a day worldwide, and they’re the reported cause for 1 in 3 downtime incidents. That’s serious.
On the rise
DDoS attacks are among several threat types on the rise, the NIST membership survey finds. Half the respondents (50%) said phishing attacks on their networks increased in 2018, and nearly as many (49%) said DDoS attacks increased. Other attack types on the rise include social-engineering emails (48%), ransomware (47%) and targeted hacking (also 47%).
The source of these threats is changing, too. Used to be, company insiders posed the greatest security threat. Not now.
Now it’s criminals, according to over half (58%) of respondents to the NIST survey. They cited several other rising threats, including competitors (39%), social activists (38%) and nation-state actors (37%). Insider threats were reported increasing by only about a third (34%) of respondents.
The number of threat vectors is rising, too. These threat vectors can include routers, firewalls, load balancers, servers, applications, even an API. Attackers can dig in that deep.
Most attacks came in through more than 1 vector, Neustar says. Nearly half (44%) of DDoS attacks last year came through 3 attack vectors. About a quarter (26%) came through 2 threat vectors. And 7% came through 4 attack vectors.
The attack size is growing, too. Neustar says the largest attack size observed in this year’s first quarter was 587 Gbps in volume. For the year-earlier quarter, the largest was 345 Gbps in volume. That's a difference of about 40%.
And the longest duration for an attack? That would be nearly 1 1/2 days.
Worried yet? Good. Now help your clients do something about it.