The worldwide scourge of cyberthreats continues to grow, with distributed denial of service (DDoS) attacks remaining some of the most prevalent, writes David Pitlik on NETSCOUT's blog. Forbes recently reported there were 2,216 data breaches and more than 53,000 cyber security incidents in 65 countries during the 12 months ending in March 2018.
DDoS attacks getting bigger and bolder in 2019
NETSCOUT’s Threat Intelligence Report, Dawn of the Terrorbit Era, reports that DDoS attacks were up 26% in the second half of 2018 compared to the same time period in 2017.
These attacks are only increasing in scale, getting bigger and more challenging to mitigate:
- Attacks in the 100–200 Gbps range were up 169%
- Attacks in the 200–300 Gbps range were up 2,500%
- Attacks in the 300–400 Gbps range were up 3,600%
The global maximum DDoS attack size grew by 19% year over year in the last six months of 2018. The largest DDoS attack on record—a massive 1.7 Tbps—occurred early last year.
Figure 1: NETSCOUT Arbor confirmed a 1.7 Tbps DDoS Attack
“The truth of the matter is that these very large attacks are really more about garnering publicity than anything else,” explained Steinthor Bjarnason, principal engineer at NETSCOUT. “Any DDoS attack over one gig is more than sufficient to take out a server that is not adequately defended. And increasingly, what we are seeing is DDoS attacks being used as a diversionary tactic. Cybercriminals will frequently launch a DDoS attack to distract and overwhelm security professionals, while at the same time launching a more targeted application-level or state-exhaustion attack that flies under the radar. And because the attackers are changing servers every five minutes, it becomes very difficult to detect and defend against such complex and evasive tactics.”
Such multilevel tactics are also being employed by state-run advanced persistent threat (APT) group actors as part of more-sophisticated attacks aimed at disrupting critical infrastructure, creating political or economic turmoil, or stealing sensitive IP.
The Commoditization of DDoS Attacks
DDoS attacks continue to be a foundational element of the threat landscape. And as is the case with other threat vectors, DDoS tools have become increasingly commoditized. “A highly businesslike DDoS service-for-hire community today makes it possible for virtually anyone to launch an attack,” writes David Pitlik.
“The problem is that attack tools are readily available to anyone who has access to bit currency,” added Bjarnason. “A cottage industry has emerged that is very sophisticated and efficient at monetizing malicious attacks, making weapons of extreme high impact available to anyone with bad intent.”
The good news in all of this is that strides continue to be made in fighting back against these cybercriminals. International crime-fighting agencies have worked closely with law enforcement around the world to take down DDoS-for-hire services. And private sector information security professionals, such as NETSCOUT’s ASERT team, are playing an increasingly important role as they collaborate to increase awareness and disseminate effective new methods for DDoS protection, mitigating threats and fighting cybercrime.
5 August 2019