Distributed denial of service (DDoS) attacks continue to grow as companies suffered through an average of 237 a month during the third quarter, researchers said in a new report.
The data, based on DDoS attack attempts against Corero Network Security users, represents a 35 percent hike in monthly attack attempts compared to the previous quarter (Q2), and a 91 percent increase in monthly attack attempts compared to Q1.
Corero attributes this increase in frequency to the growing availability of DDoS-for-hire services, and the proliferation of unsecured IoT devices.
One case in point is the Reaper botnet, which has infected thousands of devices and is believed to be dangerous because of its ability to utilize known security flaws in the code of those insecure machines.
“The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs,” said Ashley Stephenson, chief executive at Corero. “These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.”
In addition to the frequency of attacks, the data found hackers are using sophisticated, quick-fire, multi-vector attacks against an organization’s security. A fifth of the DDoS attack attempts recorded during Q2 2017 used multiple attack vectors. These attacks utilize several techniques in the hope that one, or the combination of a few, can penetrate the target network’s security defenses.
“Despite the industry fascination with large scale, Internet-crippling DDoS attacks, the reality is that they don’t represent the biggest threat posed by DDoS attacks today,” Stephenson said. “Cyber criminals have evolved their techniques from simple volumetric attacks to sophisticated multi-vector DDoS attacks. Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber-attacks, and organizations that miss them do so at their peril.”
Click here to register to download the report.