In 2016 hackers started using Internet of Things (IoT) to fuel volumetric attacks that surpassed 1Tbps. This year the attacks increased in size, complexity and sophistication, with DDoS attacks increasingly being used to steal valuable information or raise a ransom.
A recent Neustar report, ‘Global DDoS Attacks & Cyber Security Insights Report’, revealed that globally more than 80 percent of organisations were attacked at least once in the previous 12 months (an increase of 15 percent since 2016). Moreover, 81 percent of those attacked were hit more than once.
Worryingly, most organisations are still struggling to detect and respond to DDoS attacks effectively and efficiently, with 36 percent revealing that they were only made aware of a DDoS attack by their customers, creating a major trust issue for their brands.
How has the threat landscape in 2017 evolved?
Attack volumes greater than 10Gbps are up 5 percent when compared to last year, and continued use of IoT-enabled botnets to deliver massive (greater than 500Gbps) volumetric attacks has led to an arms race.
As cybercriminals become smarter, the use of multi-vector attacks has become the most effective method to launch an attack on the network, servers and software in organisations. Around 75 percent of attacks during early 2017 were multi-vector, as seen by the Neustar Security Operations Centre. In APAC, the number of organisations that encountered ransomware in unison with a DDoS attack has risen sharply from 16 percent in October 2016, to 30 percent a year later.
Theft resulting from complex multi-vector attacks has also increased, with 58 percent of attacked organisations reporting the theft of financial data, customer data and/or intellectual property in concert with a DDoS attack (up 9 percent on 2016).
How are organisations impacted?
52 percent of APAC organisations suffer average revenue losses of AUD $130,000 or more per hour of peak downtime following a DDoS attack. Furthermore, over half of the organisations attacked within APAC take more than three hours to detect an attack on average and then an additional three hours or more to respond to (mitigate) the attack.
The increase in detection and response times, driven by an increase in complexity of attacks, coincides with increased spending, with 80 percent of organisations spending more on DDoS defences. Nonetheless, 90 percent of organisations believe that more expenditure is required to strengthen defences to quickly and effectively mitigate the growing risk DDoS attacks impose.
In addition, more sophisticated application layer attacks have led to a substantial jump in the adoption of Web Application Firewalls, in 2016 13 percent of organisations had adopted the technology - this figure has now jumped to 53 percent.
How to protect your business?
It is critical to understand the risk imposed by a DDoS attack and the technical infrastructure that needs to be protected, today and into the future. Using this information, companies can determine the appropriate defence strategies and associated spending, allowing for the selection of the right solution(s).
If your company is looking for a low cost, content delivery network (CDN) style solution, there are services in the market for inexpensive DDoS protection, however they may impose usability issues and be unable to stop a significant attack.
Another low-cost option is “clean bandwidth/pipe” solutions provided by ISPs. These solutions typically have a limit to the size of attack they will defend, and are based on you having a single internet provider.
On-demand cloud, where network traffic is redirected to a mitigation cloud, is reliable and cost effective. However, it is dependent on swift failover to the cloud in order to avoid downtime. This can be automated, with integration between the client’s routers and the mitigation partner. A good service will provide integrated protection and monitoring of network and application layer (ISO layers 3, 4 and 7) attacks.
Always-routed cloud, on the other hand, involves the redirection of web traffic on a constant basis. The constant redirection can affect network latency, even during non-attack conditions, and additional services may be required to address application layer attacks. Integration with a CDN and support of a cloud based Web Application Firewall is common for this type of solution.
When operating outside of the cloud, you may choose a hybrid mitigation plan, consisting of a mitigation appliance, plus cloud protection. The appliance will stop any DDoS attack within the circuit capacity feeding the network, and automatically trigger cloud mitigation, if the circuit is in danger of becoming overwhelmed.
Regardless of the solution, having a unified (Layers 3 – 7) 24x7 Security Operation Centre, and user interface with near real-time monitoring and reporting is a must. Without such, you endanger lowering your security posture during a DDoS attack, increasing the likelihood that the sophisticated attacker will win.