Short time and high traffic: the form of DDoS attacks is changing

Short time and high traffic: the form of DDoS attacks is changing

Distributed Denial of Service (DDoS) attacks are nothing new. Such network attacks may cause significant financial and reputational losses to enterprises. However, what is helpless is that DDoS attacks have continued to grow in scale and volume in recent years.

Technology Company Neustar's 2015DDoS attack and Protection Report found that 50% of companies believe that DDoS is more risky than a year ago. Most companies have been attacked many times-the number of companies that have been attacked only once is reduced by 30%, and even though 40% of companies invest more in anti-DDoS protection than a year ago, they still feel that they should continue to increase this investment.

The attack may take less than one day.

Of the companies surveyed, 34% said their longest attack lasted 1 or 2 days, and 56% said less than 1 day, only 8% of companies complained that DDoS attacks caused their systems to crash for three or more days.

However, security company Corero's latest quarterly report shows that high-capacity sustained attacks are not the only form of attack to worry about.

"Most attacks against customers last for less than 5 minutes, and 96% of attacks do not last for more than 30 minutes ."
This indicates that the attacker is trying a new form of assault-the outbreak of destructive attack traffic, rather than a sustained event.

DDoS attacks can cause serious economic consequences to the company.

The report also pointed out that the average downtime for data centers due to DDoS attacks is 86 minutes, that is, the research conducted by the bonimon Institute, an average loss of 5465 US dollars per minute (0.72 million) reveals that the average loss per customer for each DDoS downtime is 491,930 US dollars ). Neustar found that during peak business hours, almost 40% of companies will lose more than 0.1 million pounds each time the website goes down for an hour-an increase of 470% compared with the same period last year.

Neustar found that the largest proportion of companies attacked in 2014 was 39% ). Nearly 1/4 (24%) of companies have been attacked for 6 to 10 times, and 3% of companies claim that they have countless attacks.

When it comes to the scale of attacks calculated by bandwidth, the results of Neustar and Corero are slightly different. Corero found that most of its customers (79%) were attacked, with bandwidth less than 5 Gbit/s (Gbps) and lasting less than 10 minutes. However, in the results of the Neustar survey, only 2014 of the Victims of DDoS attacks in 32% were attacked with less than 5 Gbps bandwidth. The attack bandwidth of victims in the top 1/3 (35%) is between 5.0 and Gbps. 6% suffered from attacks of 50 Gbps to 2% Gbps bandwidth, and only found themselves under the ultimate DDoS attack of over Gbps.

Corero said that as attackers use some techniques to analyze the defensive nature of the target website and use other tools to deploy the second and third waves of attacks to bypass the company's security defense, DDoS attacks are becoming more sophisticated and complex.

So, what can companies do to protect themselves and mitigate attack harm?

According to the Neustar survey, 40% of companies in the financial service industry expect hybrid DDoS protection. It is said that 8 out of 10 financial companies will choose hybrid solutions when DDoS downtime leads to business peaks and losses of more than £ 0.1 million per hour.

To fight back this new type of Complex attacks, Corero recommends that the company use "real-time analysis to determine the necessity of customizing detection filters and immediately blocking attacks ".

Neustar found that when the company was under DDoS attacks, most (60%) companies would deploy two to five employees to handle this network threat. More than 1/5 of companies (21%) use 6 to 10 employees, and 16% of companies send 10 or more employees to respond to the threat. 3% of companies rely on only one employee to mitigate the attack.

And then added:

"Of course, attackers also expect this: the more people focus on DDoS attacks, the less people are willing to focus on other threats, such as malware or virus installation ."