A new study from Arbor Networks reveals how distributed-denial-of-service (DDoS) attacks have changed over the course of the last decade, specifically noting the considerable increase in size, duration and complexity.
The firm's tenth annual 'Worldwide Infrastructure Security' report (WISR) indicates that, since 2005, DDoS attacks have gone from independent ‘nuisance' attacks that often relied on brute-force, to massive, multi-level volumetric or application-layer attacks which are “now components of complex, often long-standing advanced threat campaigns”
The US-based network security firm says that the size of these attacks has increased 50-fold in the last ten years, with one such attack topping 400Gbps in 2014 compared to a high of 8Gbps a decade ago. Other survey respondents mentioned they had been hit by DDoS attacks measuring 300Gbps, 200Gbps and 170Gbps last year.
Approximately 90 percent of these were application-layer attacks and 42 percent of respondents reported they had been targeted by multi-vector attacks combining volumetric, application-layer and state exhaustion techniques in the last year. Arbor adds that these attackers would often look to cripple firewalls, IPS and cloud solutions with their DDoS attack.
However, it is not just the size and sophistication that has increased, but also the sheer number of attacks too; in 2013 a quarter of respondents saw more than 21 attacks a month but this had nearly doubled to 38 percent just a year later.
“In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and, data breaches were most likely carried out by employees who had direct access to data files,” said Darren Anstee, director of solutions architects at Arbor Networks, in a statement.
“Today, organisations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend. The business impact of a successful attack or breach can be devastating – the stakes are much higher now.”
The report, which sought the opinions of 287 respondents from Tier 1, 2 and 3 service providers between November 2013 to October 2014, came just a week after Akamai Technologies had released its fourth quarter (Q4) ‘State of the Internet' study, which noted the increasing number of DDoS-for-hire services on the black market, as well as a spike in the number of DDoS attacks towards the end of last year.
The firm revealed that the number of attacks had risen 57 percent year-on-year and increased 200 percent quarter-on-quarter, which is perhaps not overly surprising given the frequency of these kind of threats at Christmas time. As an example, last year saw the Lizard Squad attack Xbox Live and PlayStation Network on Christmas Day.
“An incredible number of DDoS attacks occurred in the fourth quarter, almost double what we observed in Q4 a year ago,” said John Summers, vice president of Akamai's cloud security business unit. “Denial of service is a common and active threat to a wide range of enterprises. The DDoS attack traffic was not limited to a single industry, such as online entertainment that made headlines in December. Instead, attacks were spread among a wide variety of industries.”
The firm – like Arbor – also noted that the average peak bandwidth had spiked (52 percent up YoY, 54 percent up QoQ), and that there were 51 percent more application-layer attacks and 84 percent more multi-vector attacks on a yearly basis.
But most interestingly, it added that DDoS services are becoming more commonplace, something which the Lizard Squad has started offering in recent months.
“Widespread availability of for-hire DDoS services allowed low-level, non-technical attackers to purchase ready-to-use DDoS services,” reads the report.
“The expansion of the DDoS-for-hire market also promoted the use of multi-vector campaigns, as the competitive market drove attack innovation. Significantly more multi-vector attacks were observed – 88 percent more than in Q4 2013. More than 44 percent of all attacks used multiple attack vectors.”
Mark Kedgley, CTO at New Net Technologies, told SCMagazineUK.com in a recent email that DDoS attacks are getting harder to defend against.
“DDoS remains one of the most difficult attacks to defend against - by definition, the attack is perpetrated simultaneously from large numbers of devices including home and business users wherever a Trojan has been deployed. This makes the standard countermeasure for DDoS - blocking/blacklisting associated IP addresses - extremely hard.”