DDoS Attacks on the Rise

Hi all,

DDoS attacks pose a serious threat to organisations. A recent report released by NEUSTAR confirmed that DDoS attacks continue to pose a legitimate threat as a dangerous weapon used to create chaos and hold organizations hostage.

Out of the organisations NEUSTAR has surveyed, 79% report yearly revenues of more than $100 million, with $1 billion or more in annual revenue.

It was revealed that slightly over 7 out of 10 of global brands and organizations reported a DDoS attack in 2015.

Repeated attacks were reported from 82% of the attacked corporations. And out of these, 45% were struck over 6 times. The organisations that failed to detect the breach and learnt of the attack from a third party accounted to 56% and these are the attacks that have gone unnoticed until it’s too late. More than half of attacked respondents- that is 57% of attacked companies incurred a loss of customer data, finances or intellectual property.

The nature of DDoS attacks

Distributed Denial of Service attacks that target the Domain Name System (DNS) are common. It is often a favorite reflective tool used to bombard targets.  To stop cache poisoning which is a technique that allows a hacker to hijack and redirect users to malicious websites, a layer of security or DNSSEC is used.  But the encryption of DNSSEC itself can be hacked and repurposed as an amplifying factor. Attacks that use DNSSEC as an amplifier can reach up to 100Gbps, more than enough to easily overwhelm standard DDoS mitigation defenses.

Multi-vector attacks

Hackers are now using multivector attacks as a means to infiltrate. Multi-vector attacks signal a troubling and persistent trend. Ranging in size and strike area, these attacks play out as a form of real-time interactive combat. If the initial assault is thwarted, attackers usually follow up with a series of coordinated strikes to keep the IT department guessing where and when the next attack will take place.

Are IoT devices making companies more vulnerable?

Eight out of ten companies that adopted IoT devices were attacked while 43% of them have suffered some form of theft (finances, customer data and/or intellectual property) as a result of the breach.

What regions were mostly affected?

72% of organizations in North America, 73% of the organisations in EMEA (Europe, the Middle East, and Africa) regions and 77% from the APAC region were attacked.

76% of those attacked were notified by customers and other third parties and 63% of those attacked reported theft (IP, financial, customer data). Over 7 out of 10 companies mentioned that they lost their customer trust/damage to the brand as a result of an attack.

How did the organisations react?

Around 42% of the companies took 3 hours or more to detect the breach.

Over half the reported breaches in North America has been 5Gbps or more which is more than enough to cause serious outage or service disruption.

Organisations are starting to take DDoS attacks seriously

76% is investing more to protect against DDoS threats —DDoS is institutionalized, as both a weapon and necessity to defend!

 


Source: Akati

Comments are closed.