Distributed denial-of-service (DDoS) attacks are more complex and cause more financial damage than ever, new data shows.
According to NETSCOUT Arbor's 2017 Worldwide Infrastructure Security Report published today, the number of DDoS attacks that cost organization between $501 to $1,000 per minute in downtime increased by 60%. In addition, 10% of enterprises estimated a major DDoS attack cost them greater than $100,000 in 2017, five times more than previously seen.
Now in its 13th year, the report is based on 390 responses from service providers, hosting, mobile, enterprise, and other types of network operators from around the world. A full 66% of all respondents identify as security, network, or operations professionals.
Gary Sockrider, principal security technologist with NETSCOUT Arbor, says there was a 20% increase in multi-vector attacks in 2017 compared to the previous year. Multi-vector attacks combine high-volume floods, TCP state exhaustion attacks, and application-layer attacks in a single sustained offensive, which makes the attacks more difficult to mitigate and increases the attackers chance of success.
"We found that nearly half the group said they experienced a multi-vector attack," Sockrider says.
"Along with revenue loss, companies also experience customer and employee churn as well as reputational damage," he says.
DDoS attacks last year originated primarily from China, Russia, and inside the US, according to the report. The top motivators for the attacks were online gaming-related (50.5%), criminals demonstrating DDoS capabilities to potential customers (49.1%), and criminal extortion attempts (44.4%). Political/ideological disputes were fifth on the list at 34.5%.
Sockrider says due to the global shortage of IT security talent, many respondents were turning to automation for DDoS mitigation: 36% of service providers use automation tools for DDoS mitigation, and 30% of providers employ on-premise or always-on cloud services for thwarting these attacks.
Meantime, researchers at Imperva researchers developed a list of the Top 12 DDoS Attack Types You Need to Know. Among them:
DNS Amplification: In a reflection type of attack, a perpetrator starts with small queries that use the spoofed IP address of the intended victim. Exploiting vulnerabilities on publicly-accessible DNS servers, the responses inflate into much larger UDP packet payloads and overwhelm the targeted servers.
UDP Flood: The perpetrator uses UDP datagram–containing IP packets to deluge random ports on a target network. The victimized system attempts to match each datagram with an application, but fails. The system soon becomes overwhelmed as it tries to handle the UDP packet reply volume.
DNS Flood: Similar to a UDP flood, this attack involves perpetrators using mass amounts of UDP packets to exhaust server-side resources. However, in this attack the target is DNS servers and their cache mechanisms, with the goal being to prevent the redirection of legitimate incoming requests to DNS zone resources.