Distributed denial of service (DDoS) attacks have been threatening organizations across the globe in recent years, damaging corporate reputations and causing down time that has inconvenienced customers at best and crippled businesses at worst. 2016 marked a watershed for the volume, virulence and sophistication of attacks. However, this is just the beginning, the worst is yet to come.
According to the findings of the recent Neustar Worldwide DDoS Attacks and Cyber Insights Research Report, more than eight in ten organisations surveyed globally have been attacked at least once in the previous 12 months (an increase of 15 percent since 2016). Furthermore, 85 percent of those attacked were hit more than once.
Despite knowing the threats, companies are still struggling to detect and respond to DDoS attacks effectively and efficiently. In fact, 40 percent of respondents globally were only alerted to a DDoS attack by customers, a major embarrassment for their brands. This figure is up from 29 percent in 2016.
What is new for DDoS?
It is crucial to highlight that the DDoS attack size, complexity, and ferocity will continue to grow this year. Multi-vector attacks, termed advanced persistent denial of service (APDoS), have become near-universal experience – demonstrating that attackers are consolidating the most effective methods to launch multi-pronged attacks on the network, servers and software in organizations. Using botnets such as the Mirai botnet of insecure Internet of Things devices to perform attacks and probe for vulnerabilities will also shape DDoS attack strategies and experiences in 2017.
Permanent Denial of Service (PDoS) attacks, or ‘phlashing’, is another way to wreak havoc in 2017. PDoS attack code aims to render a target device useless. Attackers can remotely or physically replace the software controlling connected hardware such as routers or printers with a version that does nothing, or even overload power subsystems. The potential damage could be significant. Consider the fire hazard an overheating smartphone can be, for example; or managing a disaster without a communications network.
DDoS attack in APAC
With organisations across Asia Pacific (APAC) being attacked more often, businesses should regularly re-examine the effectiveness of existing security strategies, including DDoS mitigation. The consequences of a DDoS attack can be significant.
After a DDoS attack 33 percent of APAC organizations reported average revenue losses of $250,000 or more, with 49 percent taking three hours or longer to detect the attack, and 42 percent taking at least three hours to respond.
Further, DDoS attacks are often used to mask with other cybercrime activities. The installation of ransomware and malware in concert with DDoS attacks was reported by 49 percent of organisations in APAC. In 2017, the victims of DDoS attacks around the world have experienced more malware (43% reported vs 37% a year before), network breaches/damage (32% vs 25%), customer data theft (32% vs 21%), ransomware (23% vs 15%), financial theft (21% vs 14%) and lost intellectual property (21% vs 15%).
While nine in 10 companies globally are investing more in DDoS-specific defenses today, stronger defenses are likely needed to mitigate the growing risk and likely impact of a major DDoS attack quickly and effectively.
Finding the right solution
Currently, there are several solutions in the market that organisations could consider.
Several low cost content delivery network (CDN) style services can offer inexpensive DDoS protection, however they may impose usability issues and be unable to stop a significant attack.
Similarly, DDoS mitigation appliances can be effective against certain types of attacks, however increasingly popular large-scale floods can overwhelm circuit capacity and render the appliance ineffective.
On demand cloud where network traffic is redirected to a mitigation cloud is reliable and cost effective. However, it is dependent on swift failover to the cloud in order to avoid downtime.
Always routed cloud, on the other hand, involves the redirection of web traffic on a constant basis. The constant redirection can affect network latency, even during non-attack conditions, and additional services may be required to address application layer attacks.
Adopting a DDoS mitigation approach that includes a managed appliance and cloud (hybrid) is the best option, yet can be costly. The appliance will stop any DDoS attack within the circuit capacity feeding the network, and automatically trigger cloud mitigation, if the circuit is in danger of becoming overwhelmed.
DDoS attacks are likely to frustrate even more organizations from now on, with new attack vectors, and a focus on destroying the utility of devices Those working to protect the customer experience, revenues, and brand reputations can best protect themselves from attacks by working with knowledgeable partners that have an extensive experience with identifying and addressing contemporary DDoS attacks, plus access to multiple sources of intelligence and a drive to continually improve on its expertise.