DDoS attacks plotted over the last year have stepped back from the headline-grabbing events of 2016, but have become more stealthy and intelligent, according to a new report.
More than half – 59 percent – of service providers and 48 percent of enterprises experienced multi-vector attacks, a 20 percent increase over last year. Multi-vector attacks combine high volume floods, application-layer attacks and TCP-state exhaustion attacks in a single sustained offensive, increasing mitigation complexity and attacker’s chance for success.
These multi-vector attackers are regular events for businesses, with 57 percent of enterprise and 45 percent of data centre operators seeing their internet bandwidth saturated due to DDoS attacks, and a total of 7.5 million DDoS attacks in 2017.
The data comes from Netscout Arbor’s 13th Annual Worldwide Infrastructure Security Report.
Darren Anstee, Netscout Arbor chief technology officer, told SC Media UK: “The big changes we’ve seen this year have been the prevalence of multi-vector attacks, often targeting the application layer. Botnet operators are getting smarter, and aiming to stay under the radar as much as possible.”
The impact of DDoS attacks has become clearer, with 57 percent citing reputation/brand damage as the main business impact, beating operational expenses into second place. Perhaps unsurprisingly, data centre operators said customer churn was a key concern following a successful attack in 48 per cent of cases.
Anstee continued: “Businesses are now more often factoring in the cost of DDoS, so there’s a much better perception of the risk to enterprise. We’ve seen an evolution in DDoS mitigation strategies this year, with some technologies – such as the use of firewalls – dropping from 43 percent last year to only 28 percent this year. The use of hybrid mitigation techniques is set to rise, alongside a broader theme of automation.”
The use of destination-based blackholes to mitigate attacks has increased, with D/RTBH moving into second place at 55 percent. A considerable 38 percent of enterprises relied on third-party and outsourced services, a leap from 28 percent the previous year.
A major barrier turns out to be a human one, however, with the report highlighting staffing issues across the board, with 54 per cent of enterprises and 48 percent of service providers having difficulty hiring and retaining skilled personnel.