DDoS attacks: half of targeted firms get hit again

News by Steve Gold

Two new reports reveal that DDoS attacks are not only getting bigger- now logged between 250 and 325 Gbps, but that these attacks often target the same organisation more than once.

The business challenge presented by DDoS attacks hit the spotlight once again this morning, after a research analytics firm revealed that 35 per cent more firms were hit by attacks during 2013 than in 2012 - and with 28 per cent of logged attacks seen last years lasting two days or more.

The most revealing takeout from the Neustar analysis - the firm's second annual report, entitled `DDoS Attacks & Impact Report - 2014: The Danger Deepens' - is that once attacked, there is an estimated 69 percent chance of a repeat attack.

And whilst 31 per cent of these companies were DDoS-attacked once, over 48 percent said they had been targeted between two to 10 times.

Neustar's figures confirm Arbor Networks' report - released last week - which saw a record 325 Gbps attack hit a French organisation earlier this year, with a massive spike logged by the research division of the DDoS remediation firm on the first quarter of this year.

Arbor says that it 72 attacks larger than 100 Gbps in size and volume, as well as 50 percent more attacks in the first quarter of 2014 than the entirety of 2013.

Back at Neustar, the research company claims that 32 percent companies hit by a DDoS attack last year estimated the events had cost them more than £240,000 per day during the outage. Additionally, the reports notes larger DDoS attacks are becoming more frequent with a 200 percent increase in attacks affecting bandwidth of between 1 and 20 Gbps.

For its research, Neustar took in response from 331 companies in the UK, across a range of public and private sector organisations. The company says its results show that DDoS attacks disrupt multiple business units - with public-facing areas like call centres, customer service and marketing operations absorbing more than 40 per cent of DDoS-attack related costs.

This high cost may because these business functions are key revenue earners in most commercial companies, SCMagazineUK.com notes, but the report also cautions that DDoS attacks are now being used as smokescreens for other attacks - an attack vector that security researcher Brian Krebs has reported on several times over the last 12 months.

Rodney Joffe, Neustar's senior VP and technology fellow, said that organisations must remain constantly vigilant and abreast of the latest threats.

"As an example, Neustar's UltraDNS network suffered an attack just last week peaking at over 250 Gbps – a massive attack by industry standards. Even with proper mitigations in place, the attack caused an upstream ripple. It is a constantly changing threat landscape,"he noted.

According to Mark Teolis, general manager with DOSarrest, a DDoS remediation specialist, the key problem with the latest generation of attacks is not just the volume and bandwidth used, but their general sophistication, with Layer 7 attacks now being seen in the mainstream.

Layer 7 is the highest of the seven IP layers defined under the OSI (Open System Interconnection) model and represents the application layer - the location on the computing resource where data both originates and returns.

Speaking with SCMagazineUK.com last week at the Infosecurity Europe show, Teolis said his firm's latest software has been enhanced to deal with these latest Layer 7 attacks, by combining IDS (intrusion detection systems), load balancing, WAF (web application firewall) and DDoS mitigation under a single IT umbrella.

Using an IDS, he explained, allows security professionals to pinpoint sophisticated layer 7 attacks, as well as provide cloud based WAF services.

"Using these approaches - coupled with spreading the load across multiple cloud resources - significantly mitigates the effects of even the highest volume DDoS attack," he said.

Keith Bird, UK managing director with Check Point, told SCMagazineUK.com that DDoS attacks have been used as a hacktivist weapon for several years – and, as this research illustrates, now the net is widening to businesses at large.

“We are seeing smokescreen-type attacks, and also more complex, multi-vector attacks on Web sites that combine DDoS with account tampering and fraud attempts,” he said adding, that, whilst these are difficult to defend against, firms should consider contingency and remediation plans in the event of such attacks.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews