Persistent threats, greater impact: the changing face of DDoS attacks
By Joe Loveless, Director, Security Solutions, Neustar
Over the last year, the DDoS (distributed denial of service) threat landscape has looked pretty bleak. Six months ago, attacks had reached new levels of disruption, and you couldn't go five minutes without hearing about another major breach in the news.
It has been well documented that hostile attack networks are being built from the ever expanding Internet of Things (IoT). The whole infrastructure of our increasingly connected world, facilitated by advances in cloud computing capabilities and the IoT, has had the unfortunate consequence of creating a growing number of exploitable vulnerabilities.
Since then, companies in search for answers to effectively defend against unprecedented levels of DDoS attacks have continued to struggle to find solutions to wave after wave of attack. Although we've not yet seen a significant DDoS event in the intervening time, and attack volumes have remained steady – even down slightly from six months ago – the number of breaches per attack is up by a staggering 27%.
This is according to the latest bi-annual independent research report, commissioned by Neustar, which surveyed 1,021 directors, managers, CISOs, CSOs, CTOs, and other c-suite executives across the globe, to find out how DDoS attacks affect their organisations and what measures are in place to counter these threats.
Data from the report shows attackers are achieving higher levels of success against organisations they only hit once: 52% of organisations reported a virus associated with a DDoS attack, 35% reported mal-ware, 21% reported ransomware and 18% reported lost customer data. Over a twelve-month period, 75% of respondents recorded multiple DDoS attack attempts following an initial assault on their organisation's network.
The resulting breach ratio increases as the number of DDoS attacks increases, but the net result is it only takes one attack to breach an organisation's defences. Findings suggest that cybercriminals are focused on taunting defences, probing network vulnerabilities and executing more targeted strikes, instead of making noise with a singular, large attack.
It would be disingenuous of me to say that organisations don't understand what's happening; security teams and the defences they've been implementing have never been more capable. The research indicates that investment rates in sophisticated DDoS defences, especially the large jump in Web Application Firewall (WAF) deployments, have increased significantly, with the number of organisations that have added WAF to combat DDoS nearly tripling in the past seven months and more than quadrupling in a year.
The application layer has rapidly become the most exploited layer in the network stack and WAF filters, monitors, and blocks threats that target application layers, such as SQL, XSS, CSRF, session hijacking, data exfiltration and zero-day vulnerabilities.
As enterprise infrastructures change, traditional defence strategies against denial of service attacks must evolve as well. But management disciplines and security technologies are just part of the story, and there is an increased appetite to share expert perspectives and exchange information. This collaborative approach to cyber security is essential, if cyber security professionals are gain an advantage in the ever changing face of their attackers.
The full Global DDoS Attacks and Cyber Security Insights report can be downloaded here.
About Neustar
Neustar has the largest, most reliable and secure network in the world making it the trusted DNS provider of some of the biggest brands. Neustar Siteprotect is becoming key in the fight against increasing DDoS attacks with nodes going live throughout EMEA, APAC and the rest of the world. By 2018 Neustar's DDoS Defence Network will have expanded to 10Tbps globally making it the leading supplier of DDoS protection. Other services include traffic management, website monitoring, load testing, IP Geolocation, registry and mobile marketing.