Recent reports suggest that DDoS attacks are approximately doubling between 2015 and 2016. It’s becoming more apparent all the time that this form of protection is a necessity for online businesses.
- Study 1: 125% YOY Bump
- Study 2: 83% YOY Bump
- Study 3: 129% YOY Bump
- Keeping Your Infrastructure Protected
Study 1: 125% YOY Bump
Your website and other digital assets could be more vulnerable than they have ever been, according to a report of Q1 2016 activity highlighted by ZDNet in June. The study found that there was a year-over-year acceleration in distributed denial of service (DDoS) attacks since the first quarter of 2015.
As if that isn’t enough cause for concern, the analysis didn’t just show a greater number of attacks. It also showed that they are longer-lasting than they have been in the past. The Q1 results show that a typical attack continues for over 16 hours, up from less than 15 hours in Q1 2015.
To review, attacks are both more prevalent and take longer to subside. Both of these statistics are clearly bad news for those doing business online. Plus, huge DDoS attacks, delivering 100 Gigabits per second (Gbps) of bogus botnet requests, occur more frequently than they have historically. There were eight attacks of that scope in the first three months of 2015. That number more than doubled in Q1 2016 to 19, a boost of 137.5%.
You can also see how strongly cybercriminals started the year by looking at the last three months of 2015. In October through December, there were just five of those 100+ Gbps mega-attacks.
Plus, reported Steven J. Vaughan-Nichols of ZDNet, the Q1 2016 study detected 4,523 DDoS assaults. “That’s a significant increase from the previous quarter’s 3,693 attacks,” he said. “This increase was largely driven by repeat attacks on customers rather than cyber crooks going after more targets.”
Once you are selected as a DDoS attack target, you have a major problem, because it’s likely it won’t be a single event but dozens of them. Even back in the beginning of 2015, there were 15 attacks experienced by each victim. In Q1 2016, that per-target number grew to 29.
Previously, the cybercriminals would realize protections were present and shift to a different target. In 2016, they are pounding sites over and over again in an effort to break through if the shields are ever inactive. Gaming sites are particularly vulnerable to a flurry of DDoS events because even a slight reduction in load times can noticeably impact performance. DDoS attacks are also becoming more repetitive because the attack tools are now, unfortunately, less expensive and more user-friendly.
“Indeed, DDoS attacks no longer require any hacking or networking skills,” noted Vaughan-Nichols. “DDoS-for hire sites now enable anyone with Bitcoin to launch multiple simultaneous attacks from an easy-to-use interface with a menu of attacks.”
Keep in mind, 29 attacks is simply an average. There are horror stories that go far beyond that level. For example, one company experienced 283 attacks just in the first quarter of 2016, which comes out to more than three each day.
The silver lining in the DDoS world is that the top-end of the monstrous mega-attacks has receded from previous heights. The largest attack detected in the first quarter by these researchers was 289 Gbps, a decline from a high-end of 309 Gbps in the last quarter of 2015. The dubious distinction of “victim of the largest attack ever” goes to a French website, which experienced a DDoS in 2014 that nearly hit 400 Gbps. The super-attacks are becoming less grandiose in scope because the attack platforms have become much more inefficient since ISPs have grown more capable of defending against them.
Study 2: 83% YOY Bump
That is not the only recent analysis that has found DDoS attacks to be increasing to a disturbing degree. An analysis highlighted in BetaNews found that second-quarter attacks went up 83 percent year-over-year from 2015 to 2016, reaching 182,900.
You may think that companies in the United States are the most at-risk for these Internet events. However, this study found that Russia was getting the brunt of these efforts. A Russian ISP that handles the traffic of SMBs and enterprises, Starlink, was pummeled with more than 2 out of every 5 attacks detected over 48 hours.
Much of the discussion of DDoS revolves around DDoS-for-hire scenarios simply because it accounts for so much of the activity, but the analysts of this study believe Starlink is a project by nationalist hacktivists wanting to hurt Russia’s economy.
The paper’s chief scientist, Terrence Gareau, explained that he didn’t expect the number of DDoS attacks to rise because many attackers were shifting to phishing, ransomware, and other forms of financially motivated assaults. “Organizations can expect cyberattacks to continue growing in frequency this year, especially with more attention on the Summer Olympics and the November election season in the US,” he said in July. “The results from this quarter also show how important it is to not only protect your website, but also to plan for new payloads and attacks on your infrastructure.”
Although Russia held the crown as the biggest target country for this sort of cybercrime, the United States was in second, with China in third. In South America, Brazil was still in the top ten nations; however, there were less than half as many Brazilian attacks as Q2 2015.
The researchers of this study additionally documented a rise in other types of cybercrime, such as multicast domain name system (mDNS) and routing information protocol (RIP) attacks. Hackers are testing different approaches to go after sites. Again, because the US presidential election is approaching and because the Olympics occurred in the third quarter, security experts expected to see an even higher quantity of DDoS attacks moving forward.
Study 3: 129% YOY Bump
Keep in mind that these studies are typically performed by security firms, content delivery companies, and similar entities – and they aren’t Internet-wide but of their own customers. Since you have different samples for different analyses, you’ll see different statistics each quarter.
An additional study of the 2nd quarter, featured in Infosecurity Magazine, found that attacks were still rising similarly to the first quarter – more dramatically, even. This analysis detected 4919 DDoS events.
The scope of attacks hit a ceiling in 2014, as discussed above. However, this study measured its largest attack, against a European media company, at nearly the same level – 363 Gbps. There were a total of a dozen assaults during the second quarter that were greater than 100 Gbps. The two largest ones, both of which were greater than 300 Gbps, were of media sites.
However, this study had good news in terms of general volume of an attack. Attacks were, on average, 36% less powerful, measuring 3.85 Gbps.
With the size of DDoS shrinking a bit, they are still becoming more common all the time since the DDoS platforms are so simple to deploy and generate money for the perpetrators, explained the paper’s head author, Martin McKeay. “This commoditization renders businesses vulnerable to a higher frequency of attacks they can’t defend against on their own,” he said. “[I]t is important for organizations to understand what they are up against, specifically as adversaries increasingly threaten DDoS attacks for ransom.”
Keeping Your Infrastructure Protected
It’s clear from the above statistics that companies both large and small need protection from DDoS attacks. At KnownHost, we offer 24/7 fully managed support for our VPS hosting plans, with comprehensive DDoS protection standardly included. Learn more.