For unprepared companies, the impact of a distributed denial of service (DDoS) attack can cost up to US$ 1 million (£703,000) per hour that the website is down.
Neustar's first report from its Security Operations Centre (SOC) provided technical insights from the DDoS attacks it mitigated in 2015. Attack vectors in 2015 ranged from using Domain Name System (DNS) as a reflection source, to targeted strikes against Domain Name System Security Extensions (DNSSEC) signed zones.
A growth in attackers turning to multi-vector attacks to exhaust defences was also found. Almost half (47 percent) of all multi-vector attacks happened in Q4 of 2015. Multiple vectors with a peak size of 6.63 Gbps were used in 17 percent of attacks. More than half (57 percent) of all multi-vector attacks involved reflection attacks.
“Multi-vector attacks show a higher level of sophistication on behalf of the hackers,” said Brian Foster, senior VP of information services at Neustar. “Anybody can go to a stressor website and buy a cheap DDoS service, but with multi-vector attacks, the hacker is exhibiting a familiarity with attack methods and determination to potentially cause real damage.”
Foster pointed out five key takeaways for CISOs based on the SOC findings:
- Sometimes a single vector attack will not do. Attackers will try again and again until they succeed.
- Using smaller, pointed attacks, cyber-criminals can avoid detection while disrupting a network, setting the stage for exfiltration opportunities.
- Attackers take advantage of high-volume transition periods such as tax return period and Q4 for their worst attacks.
- Attacks on DNS skyrocketed in Q4. DNS, most critical for digital presence, is oftentimes the first target of a DDoS attack and the least protected.
- It's no longer a matter of if or when, but how often DDoS attacks will occur. The best defence remains an active, vigilant one.