Last year saw the largest ever DDoS on record at 500 Gbps, as attackers increasingly adopted multi-vector techniques to extort money from their victims, according to Arbor Networks.
The network security firm’s 11th Annual Worldwide Infrastructure Security Report (WISR) claimed DDoS attack size has grown 60 times since the survey first began, and continues to, with other victims in 2015 reporting attacks of 450 Gbps, 425 Gbps and 337 Gbps.
The complexity of attacks is also increasing, with over half (56%) reporting so-called ‘multi-vector’ attacks designed to hit infrastructure, applications and services simultaneously.
Almost all (93%) reported application layer attacks, with DNS the most commonly targeted service now, rather than HTTP.
Cloud-based services in particular are under fire. The percentage of respondents reporting outages affecting this layer has risen from 19% two years ago to a third (33%) in this report.
On the plus side, more than half of respondents (57%) said they are looking to deploy technology to speed incident response, while 52% of service providers claimed they can now spot and contain an APT within a month.
What’s more, three-quarters now say they have a formal incident response plan.
However, the insider threat is growing—up from 12% last year to 17%—and a worryingly high 40% still don’t have tools to monitor the use of BYOD on their networks.
Chief security technologist, Darren Anstee, argued that complex, stealthy threats are hard to mitigate.
“Every year, more of our survey respondents see application-layer attacks on their networks and this year we have seen a big jump in the proportion of respondents seeing multi-vector attacks. Multi-vector attacks are more complex to deal with, but the right tools make all the difference,” he said in a statement.
“On a positive note, the proportions of respondents using Intelligent DDoS Mitigation Systems (IDMS) are up for both enterprise and service provider respondents—so the right solutions are being deployed. And this is just as well, as we are also seeing attack frequencies up across the board.”
Kaspersky Lab principal security researcher, David Emm, argued that DDoS attacks are now cheap and easy to launch—giving rivals, hacktivists and those with a grudge to bear an excellent opportunity to cause maximum disruption to a target.
“In fact, although the cost to businesses from this kind of attack is on average around £291,000, the simplest DDoS attack can be acquired for only £32.30 and ordered anonymously. As a result, the volume of attacks has rapidly increased in recent years, so it’s imperative that businesses find an effective way to safeguard themselves from such attacks in 2016,” he added.
“Companies can do this by partnering an internal specialist with an internet provider, to actively filter and weed out these types of crude attacks, and decrease the cost of customer protection, as well as reduce the risk of loss to the company.”
Photo © Profit__Image