The size of distributed denial of service attacks is “growing at an alarming pace all around the world,” according to NetScout Systems’ 14th annual report on worldwide infrastructure security — and as more enterprises and networks move operations to the cloud, attackers’ focus is shifting there as well. They’re even adopting the same business model: DDoS-as-a-service, run by professional attackers-for-hire.
“For the first time ever, a DDoS attack topped 1 Tbps in size. A few days later, a 1.7 Tbps attack was recorded. We’ve officially entered the terabit attack era,” NetScout concluded — noting that when its report was first initiated, 10 Gbps attacks were enough to take down networks and make headlines. But now, the company said, 400 Gbps attacks are “a matter of routine.”
Even as the overall number of DDoS attacks globally was down slightly — 4% — to 6.13 million, they are growing larger and more complex, according to NetScout’s report. This year, the company said, “we saw a dramatic and persistent increase in DDoS attack size and complexity, as the global max attack size increased 273 percent. This year, 91% of enterprises who experienced a DDoS attack indicated that one or more of the attacks completely saturated their internet bandwidth.”
In addition, the company found, “important elements of digital transformation strategies are now under attack. In 2018, there was a threefold increase in the number of attacks against SaaS services, from 13% in 2017 to 41% in 2018.” NetScout added that there was also “a significant jump in attacks against third-party data centers and cloud services” with those figures growing from 11% to 34%.
Sixty-four percent of respondents in NetScout’s survey reported that they experienced between 1-10 DDoS attacks in 2018, a figure which the company said was consistent with previous years. Ransomware reports were similar to 2017, at about 30% of enterprises — but DDoS attacks are now taking on aspects of ransomware attacks. NetScout said that enterprises are now seeing “significant increase in extortion for DDoS threat/attacks, which represents a major change in the threat landscape.” That category of attack is now the third most-common attack type, up from sixth place. “Enterprises suffer from DDoS extortion threats as much as actual DDoS attacks, a trend that we attribute to the maturity and rapid proliferation of DDoS-for-hire services.”
The company went on: “Thanks to old-fashioned software development, the technical barrier to entry for DDoS has been obliterated. Do-it-yourself tools now enable anyone to become an attacker, for any reason—permanently changing the attack landscape as a result. … These days, DDoS attacks are often powered by professionally managed DDoS-for-hire services known as booters or stressers, which is reflected in the attack motivation findings. For example, the top motivation cited for attacks in 2018 was criminals showcasing their capabilities to potential customers, followed by criminal extortion attempts.”
Among other findings from the report:
-In 2018, attacks that targeted firewalls and IPS devices nearly doubled, jumping from 16% in 2017 to 31%.
-The average reported cost of downtime associated with internet service outages was $221,836.80. Japan had the lowest down-time costs, and Germany had the highest.
-The targets of attacks are shifting. NetScout said that while in the past, the main targets of DDoS attacks were e-commerce, financial services and gaming, in 2018 the primary target was government customers.
-NetScout said that was a “double dose of good news,” however, in how DDoS attacks are being handled: less by firewalls and load balancers and more by specialized DDoS mitigation techniques, as businesses become more aware of the impact of DDoS on their activities.
-DDoS attacks will continue to be the primary concern for 2019, according to 88% of the service providers surveyed. “The continued use of reflection/amplification techniques and the continued exploitation of vulnerable IoT devices have many worried about a greater frequency in high volume attacks,” NetScout said, going on to add, “The poor state of IoT security has led to the weaponization of infected devices as ‘packet cannons’ that utilize new reflection/amplification vectors to generate these high-volume DDoS attacks.” Thirty-seven percent of service providers also reported being concerned about large-scale malware outbreaks.
-The shortage of security analysts and incident responders, and difficulty in hiring and retained skilled network security personnel, is the biggest challenge to building and maintaing network security teams.