As we begin to emerge from the coronavirus pandemic in the U.S., we enter a new world of business in many respects. According to a recent study from Corero, a DDoS mitigation technology platform provider, larger attacks ranging from 10 to many Gbps increased by 30% in 2019-2020. Additionally, these attacks are being actively used within the growing wave of cyber extortion and ransomware, as evidenced by the recent Colonial Pipeline attack. According to the United States (U.S.) Department of Homeland Security, the number of ransomware attacks increased by more than 400% from the previous year.
As costly as direct ransom attempts, or more so, however, is the continued business impact of a DDoS attack. In today’s digitally focused world, any downtime or increased latency can negatively impact brand reputation, customer trust, and, ultimately, revenue generation. It’s important that companies understand that DDoS attacks aren’t just a blip on the radar; if not handled properly, they can be devastating to the long-term prospects of a business.
Progression of DDoS Attacks
Distributed Denial of Service (DDoS) attacks have grown and evolved right alongside the web itself for more than 20 years. While they may once have been executed by the stereotypical lone hacker operating out of some dark room, they’re now advanced campaigns deployed by sophisticated cybercriminals who are armed with funding, resources, and advanced technical skills.
This means that the days of a single direct method of attack are gone. Today, multi-vector attacks are performed in quick succession, and sometimes simultaneously, targeting multiple layers of the Open Systems Interconnection (OSI) model in planned attempts to evade security and protection methods. In many cases, these attacks are so advanced and well-designed that companies won’t even realize they’ve been attacked until a website or application slows to a halt or crashes altogether.
As the attackers have become more specialized and skilled, DDoS campaigns have risen in volume and frequency. In some instances, even the largest internet organizations in the world are being targeted, including AWS, which reported that it had mitigated an enormous 2.3 Tbps attack in February 2020.
However, it would be misguided for smaller enterprises to believe that cybercriminals are only targeting the biggest players. In fact, the increasing volume of attacks is concentrated largely on the extortion of smaller targets. Consequently, while the biggest attacks get the headlines, the security threat posed by frequently occurring, smaller-volume attacks can’t be underestimated.
The Quiet Majority of DDoS Attacks
Despite the rise in large DDoS attacks uncovered by Corero and cited above, the same report found that 95% of all attacks are actually 5 Gbps or less. To the layman, this might appear to be the equivalent of a run-of-the-mill, everyday internet service issue. But in fact, this level of attack is entirely capable of making server and network resources inaccessible, resulting in totally blocked internet access.
The changing business landscape only compounds the issue. An increasingly remote workforce relies on cloud-based applications and tools, which also means businesses are now forced to expose enterprise services to the internet that would otherwise sit within their secure LAN environment. The remote VPN access platforms businesses now use to deliver these services to their employees are often extremely susceptible to DDoS attacks and, if impacted, may result in almost complete productivity loss for the duration of the attack.
Compounding these negative effects is the high likelihood that attacks will return. While 84% of DDoS attacks last but 10 minutes, according to the same Corero study, this is often intentional, as multi-vector attacks are deployed in quick succession in order to evade protection measures. Ultimately, there’s a one-in-four probability of a repeat attack within the first 24 hours.
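The pattern described above, short bursts in quick succession followed by a repeat within 24 hours, can be surfaced by correlating individual mitigation alerts into campaigns. This is an added example, not code from the original article or from Corero; the alert tuple format, the 15-minute grouping gap and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample alerts (not real data):
# (start_minute, duration_minutes, vector, peak_gbps)
SAMPLE_ALERTS = [
    (0, 4, "udp-flood", 1.8),
    (5, 6, "syn-flood", 3.2),
    (12, 3, "http-flood", 0.4),
    (400, 8, "dns-amplification", 4.9),
    (3000, 25, "udp-flood", 12.0),
]

@dataclass
class Campaign:
    start: int
    end: int
    vectors: set = field(default_factory=set)
    peak_gbps: float = 0.0
    repeat_within_24h: bool = False

def group_campaigns(alerts, gap_minutes=15, repeat_window=24 * 60):
    """Merge alerts separated by at most gap_minutes into one campaign and
    flag a campaign that starts within repeat_window of the previous one."""
    campaigns = []
    for start, duration, vector, peak in sorted(alerts):
        end = start + duration
        last = campaigns[-1] if campaigns else None
        if last and start - last.end <= gap_minutes:
            last.end = max(last.end, end)      # same campaign, next burst
        else:
            new = Campaign(start, end)
            if last and start - last.end <= repeat_window:
                new.repeat_within_24h = True   # keep the response team active
            campaigns.append(new)
            last = new
        last.vectors.add(vector)
        last.peak_gbps = max(last.peak_gbps, peak)
    return campaigns

def short_alert_share(alerts, limit_minutes=10):
    """Fraction of alerts lasting no longer than limit_minutes."""
    return sum(1 for _, d, _, _ in alerts if d <= limit_minutes) / len(alerts)

if __name__ == "__main__":
    for c in group_campaigns(SAMPLE_ALERTS):
        print(c.start, c.end, sorted(c.vectors), c.peak_gbps, c.repeat_within_24h)
    print("short alerts:", short_alert_share(SAMPLE_ALERTS))
```

Alerting on the campaign rather than on each burst keeps three sub-5 Gbps events of a few minutes each from being dismissed as unrelated blips.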
With this risk of continual attacks, businesses must have a pre-defined plan they’re able to implement as soon as a DDoS attack occurs. Best-practice procedure includes activating a response team, launching notification and escalation procedures, and informing key stakeholders of the situation. Similarly, businesses must have pre-installed protection strategies working in parallel to mitigate network threats, even as attackers take a multi-vector approach to infiltrate the network.
But alone, these steps are not enough.
Advanced intrusion prevention and threat response systems – which combine firewalls, VPN, anti-spam, content filtering, and network security with DDoS mitigation solutions – offer some degree of network protection against a DDoS attack, but ultimately businesses need a partner at the network service provider level. By going to the root of the DDoS attack target and working with a provider that can divert day-to-day attacks away from their network infrastructure, businesses are able to best avoid downtime and disruption to their online operations.