DDoS attack trends and their enterprise targets

Introduction

DDoS attacks continue to grow in frequency. According to a new report, in Q1 of 2022, DDoS attacks rose to an all-time high compared to the same period in the previous year. A leading cybersecurity provider reported that DDoS attacks increased by 450% from a year earlier and 46% over the preceding quarter. Today, it is no longer a question of when a DDoS attack will target an organisation, but how to prepare for one. Let’s look at the critical DDoS attack trends and learn from them.

According to a 2021 study, 91% of surveyed organisations indicate that a single hour of downtime that takes mission-critical server hardware and applications offline results in an average of over $300,000 in lost business, productivity disruptions, and remediation efforts. The longer the duration of a DDoS attack, the more significant its adverse impacts get.

A real-world example of the effect of such an attack is the DDoS assault that caused multi-day outages for a prominent global VoIP service provider, which negatively impacted the firm with an earnings loss of between $9 million and $12m in just a single quarter.

“DDoS attacks continue to grow increasingly powerful. In Q1 2022, the average DDoS session lasted 80x longer than in Q1 2021, with the most extended episode continuing for 549 hours (nearly 23 days). This calls for a high degree of vigilance by enterprise IT, and significant preparation for malicious denial of service attacks.”

However, most DDoS attacks are of relatively short duration. The average DDoS attack duration in Q1 of 2022, is just under two hours. But even relatively short-duration attacks are a matter of concern since even these can be tremendously effective and can cause significant damage. A well-targeted albeit short-lived attack on critical systems can result in severe disruptions. Short-duration attacks could interrupt time-sensitive digital interactions like product launches, online sales, and payment of bills, causing extensive financial impact and resulting in adversely impacting the organisation’s brand and reputation.

Rise of DDoS attacks and their key targets

Ransom-related attacks are on the rise. Ransom DDoS (RDDoS) attacks have an extortion component, where payment is sought by the attacker to cease their onslaught. RDDoS attacks comprise about 10% of all DDoS attacks. Ransom DDoS attacks are fairly easy to execute, given the low technical skills required to carry these attacks, yet carry substantial risk for enterprises.

DDoS attacks target all sectors and industries. However, there has been a steady increase in DDoS attacks against the banking, financial services, and insurance industries (BFSI). The telecom and the education industries have also witnessed numerous DDoS attacks against them.

Also read: The Comprehensive DDoS Attack Types List

Recommended steps to protect against DDoS attacks

• Use mitigations recommended by the MITRE ATT & CK framework: Filter Network Traffic (M1037). This control recommends filtering the traffic before the malicious traffic can harm your target network or device. Other recommendations for this control include analysing the risk associated with critical resources being affected by DDoS attacks and creating a disaster recovery plan/business continuity plan to respond to incidents. plan/business continuity plan to respond to incidents. 

• Understand and baseline your current environment: In particular, regular volumes of traffic. 
• Review traffic patterns and logs to detect anomalies in network and application-level floods.
• Enable alerts to act as soon as anomalies are spotted, to act before any significant damage occurs.
• Stay vigilant to sudden surges in inbound traffic to critical servers or services, such as ICMP or UDP/TCP floods.
• Deploy an appropriate intrusion/DDoS prevention solution. 
• Consider setting up geo-blocks through policies or rules.
• Ensure you have adequately scalable service contracts to protect you against larger-volume threats.

Are you prepared?

DDoS attacks have been increasing in both frequency and sophistication. They have the potential to cause millions of dollars worth of damage. Now is a good time to seriously consider putting a robust DDoS protection solution in place if you don’t already have one. To know more about how Tata Communications can help, please click here.