2018 saw a major rise in DDoS attacks against SaaS services, third-party data centres and cloud services, cloud-based services and encrypted traffic, as well as a rise in the profile of individual DDoS attacks, research has found.
Over the years, the sizes of individual DDoS attacks have grown so much that while hackers launched 10Gbps attacks ten years ago to wreck networks, it is now common for organisations to encounter DDoS attacks that are as large as 400Gbps or even larger. In fact, security researchers observed at least two DDoS attacks last year that measured over 1Tbps with the largest one being a record-breaking 1.7Tbps in size.
The increasing size of DDoS attacks is a testament to the fact that cyber-criminals are now able to hijack many insecure internet-connected devices to carry out large-scale botnet attacks against enterprise systems, applications, and websites.
According to researchers at Netscout, the average size of DDoS attacks rose by 273 percent in 2018 and because of the added punch in each DDoS attack, 91 percent of organisations across the globe that suffered DDoS attacks had their internet bandwidth completely saturated, resulting in increased downtime.
Almost half of the organisations hit by DDoS attacks incurred per-minute costs of between US$ 1,000 (£762) and US$ 10,000 (£7,620), and 53 percent incurred between US$ 10,000 and US$ 100,000 (£76,200) per minute.
With organisations adopting new technology solutions such as SaaS applications, cloud services, and hosting their data on third-party data centres, cyber-criminals have also switched their tactics to launch large-scale DDoS attacks on such services, applications, and data centres.
According to Netscout, while DDoS attacks against SaaS services grew from 13 percent in 2017 to 41 percent in 2018, attacks against third-party data centres and cloud services rose from 11 percent to 34 percent, attacks against cloud-based services rose from 25 percent in 2016 to 47 percent in 2018, and 94 percent of organisations observed an increase in attacks on their encrypted traffic.
At the same time, cyber-criminals also shifted their focus to stateful infrastructure in 2018, almost doubling the number of attacks on firewalls and IPS devices between 2017 and 2018. In almost half of all organisations, the firewall and/or IPS itself contributed to an outage during the attack.
As far as organisations based in the UK are concerned, Netscout reported that as many as 46 percent of them suffered accidental loss of data, 40 percent had their internet bandwidth saturated due to DDoS attacks, 41 percent suffered ransomware attacks, 29 percent grappled with the presence of malicious insiders, 32 percent faced extortion attempts backed by the threat of DDoS attacks, and a quarter of them suffered accidental major service outages. UK organisations led the world when it came to suffering the accidental loss of data.
An important takeaway from Netscout's report is that service providers have markedly improved their threat detection capabilities for both inbound and outbound threats, so much so that 95 percent of service providers detected DDoS attacks in 2018, 10 percent more than those who did so in the previous year.
However, despite better detection capabilities, a lot more needs to be done to tackle the threat of DDoS as, according to 88 percent of service providers from across the globe, continued use of reflection/amplification techniques and the continued exploitation of vulnerable IoT devices will make DDoS attacks their primary concern for 2019. In comparison, only 37 percent named large-scale malware outbreaks as significant concerns for the year ahead.
"One thing is clear, as more devices become "smart" and also internet-enabled, they often are given the ability to send, query, or process information that resides elsewhere in the network or cloud. To do so, these devices often use embedded accounts that are difficult to monitor and may also have hard-coded passwords.
"The combination of smart devices with credentials to access external systems, via unmonitored, privileged accounts means that IoT represents a risky and unwatched channel for data theft or larger participation in botnet attacks," said Barry Shteiman, VP of Research and Innovation at Exabeam to SC Magazine UK.
"The best way to illuminate this attack risk is to monitor the behaviour of IoT devices in much the same way as actual human users. If you can’t directly protect and manage the devices on your network, you must understand what normal behaviour for the devices looks like; then it’s possible to get an early indication of when a device has been hijacked by hackers and is likely being used for malicious means," he added.
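The behavioural baselining that Shteiman describes can be sketched in a few dozen lines. The following is an added example, not code from the article, from Netscout or from Exabeam: it assumes per-device outbound flow records of the form (hour bucket, device name, destination, bytes sent), learns what "normal" looks like for each device over a learning window, and flags a device in the window under test whose distinct-destination count or outbound volume jumps well above its own baseline, which is the pattern a camera or thermostat would show once it starts participating in a botnet flood. The device names, IP addresses (RFC 5737 documentation ranges) and byte counts are all constructed for the example.

```python
"""Per-device behavioural baseline for IoT traffic (added example, not the article's code).

Flow records are (hour, device, destination, bytes_out). Hours in `learn_hours`
build the baseline; `test_hour` is the window being checked.
"""
from collections import defaultdict
from statistics import mean, pstdev


def build_sample_flows():
    """Constructed flow records: six quiet hours, then hour 6 where cam-01 fans out."""
    flows = []
    for hour in range(6):
        # Camera uploads to a single cloud endpoint; thermostat reports to one server.
        flows.append((hour, "cam-01", "203.0.113.10", 50_000 + 1_000 * (hour % 3)))
        flows.append((hour, "thermo-02", "203.0.113.20", 2_000 + 100 * (hour % 2)))
    # Hour 6: thermostat unchanged, camera suddenly talks to 40 new destinations at high volume.
    flows.append((6, "thermo-02", "203.0.113.20", 2_100))
    for i in range(40):
        flows.append((6, "cam-01", f"198.51.100.{i + 1}", 120_000))
    return flows


def hourly_profile(flows):
    """Aggregate flows into device -> hour -> {distinct destinations, bytes out}."""
    profile = defaultdict(lambda: defaultdict(lambda: {"dst": set(), "bytes": 0}))
    for hour, device, dst, nbytes in flows:
        profile[device][hour]["dst"].add(dst)
        profile[device][hour]["bytes"] += nbytes
    return profile


def threshold(values, k=3.0):
    """Alert level for a metric: mean + k standard deviations, but never below
    twice the mean so a perfectly regular baseline (sd == 0) cannot fire on noise."""
    m = mean(values)
    return max(m + k * pstdev(values), 2 * m)


def detect_anomalies(flows, learn_hours, test_hour, k=3.0):
    """Return {device: [reasons]} for devices whose test-hour behaviour exceeds baseline."""
    profile = hourly_profile(flows)
    alerts = {}
    for device, by_hour in profile.items():
        # Hours with no traffic count as zero so a normally quiet device is still modelled.
        base_dst = [len(by_hour[h]["dst"]) if h in by_hour else 0 for h in learn_hours]
        base_bytes = [by_hour[h]["bytes"] if h in by_hour else 0 for h in learn_hours]
        current = by_hour.get(test_hour, {"dst": set(), "bytes": 0})
        reasons = []
        dst_limit = threshold(base_dst, k)
        if len(current["dst"]) > dst_limit:
            reasons.append(f"distinct destinations {len(current['dst'])} > baseline limit {dst_limit:.1f}")
        bytes_limit = threshold(base_bytes, k)
        if current["bytes"] > bytes_limit:
            reasons.append(f"bytes out {current['bytes']} > baseline limit {bytes_limit:.0f}")
        if reasons:
            alerts[device] = reasons
    return alerts


if __name__ == "__main__":
    for device, reasons in detect_anomalies(build_sample_flows(), range(6), 6).items():
        print(device)
        for reason in reasons:
            print("  -", reason)
```

Running it flags cam-01 on both metrics and leaves thermo-02 alone. In practice the baseline would be built from NetFlow/IPFIX or firewall logs over days rather than hours, keyed by device identity rather than IP, and the "twice the mean" floor would be tuned per device class; the point the quote makes, and this code shows, is that the alert comes from the device departing from its own history, not from knowing anything about the attack traffic itself.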