Arbor Networks says DDoS attacks becoming more complex, costly

New data is showing that distributed denial-of-service (DDoS) attacks are becoming more complex and causing more financial damage than ever.

This is according to the recently published 2017 Worldwide Infrastructure Security Report from NETSCOUT Arbor, which noted that the number of DDoS attacks which had cost organisations between $501 to $1,000 per minute in downtime had increased by 60 percent.

In addition, 10 percent of enterprises had estimated that a major DDoS attack had cost them greater than $100,000 in 2017, which is five times more than has been previously seen.

Now in its 13th year, the report is based on 390 responses from service providers, hosting, mobile, enterprise, and other types of network operators from around the world.

The report covers a wide variety of topics, from attack trends to SDN/NFV and IPv6 adoption, to key organisational issues such as incident response training and staffing challenges.

Arbor Network’s territory manager for Sub-Saharan Africa, Bryan Hamman, says, “The report found that there were 7.5 million DDoS attacks in 2017. One of the reasons for the rise in financial impact lies in the fact that 55 percent of service providers and 48 percent of enterprises experienced multi-vector attacks, a 20 percent increase over last year. Multi-vector attacks combine high volume floods, application-layer attacks and TCP-state exhaustion attacks in a single sustained offensive, increasing mitigation complexity and attackers’ chances for success. Fifty-seven percent cited reputation/brand damage as their main business impact, with operational expenses second. In addition, 48 percent of data centre operators said customer churn was a key concern following a successful attack.”

The report notes that DDoS attacks last year originated primarily from China, Russia and inside the United States. Top motivations for attacks were related to online gaming sites as well as extortion attempts, and hackers showcasing their prowess to potential customers. Political and ideological disputes were also a global trend.

“Organisations are advised to defend against malware attacks, including DDoS incidents, by implementing best current practices for DDoS defence. However, a disturbing feature of this year’s report was that it was the second consecutive year that the survey had showed an overall decline in service providers implementing security infrastructure best practices.

“The report showed an increase in the proportion of respondents that do not practise DDoS simulations and have no plans to do so, and also showed that only 30 percent made time for incident response rehearsals at least quarterly. The use of access control lists at the edge also declined. When we see the financial impact of DDoS attacks increasing, as outlined by this latest WISR report, the importance of DDoS best practice mitigation defences simply cannot be under-estimated,” concludes Hamman.