Corero’s Q4 2014 DDoS Trends and Analysis Report highlights that organizations are faced with DDoS attack attempts at an alarming frequency. For example, Corero’s customers on average are experiencing up to four DDoS attacks per day, or up to 351 DDoS attacks per quarter. What we find even more interesting is that 96% of the DDoS attacks experienced last less than 30 minutes and 73% last less than 5 minutes. These are the attacks that may or may not cause an actual service outage, but are certainly a nuisance to IT teams, and hide more nefarious activity.
With these statistics in mind, Corero CEO Ashley Stephenson surveyed a group of Network and IT security leaders at a recent CISO and Analyst Roundtable event in London, UK to get their perspective on DDoS threats and the impact on their business.
Ashley queried the panel as to what level of DDoS activity they see on the networks they’re responsible for, with four main DDoS categories to consider:
Directed DDoS: Attack traffic that directly targets an organization’s networks or services. These attacks are intended to cause a site and/or service outage including degradation of operations.
Indirect DDoS: Designed to leverage an organization’s internal resources for the purposes of attacking other entities on the Internet. Examples of indirect DDoS attacks include NTP mon_getlist requests, recursive DNS queries, SSDP discovery messages, Microsoft SQL Server Resolution Protocol requests, and internal botnet-infected machines.
Profiling/Probing/Scanning DDoS: Attackers attempting to test and/or map an organization’s network resources, including its defenses. These probes are intended to collect vulnerability and/or exploitability profiles that may be used in future attacks.
Smokescreen/Confusion/Obfuscation DDoS: Designed to conceal, or divert attention from, intrusion activity that may be linked to compromise or breach attempts.
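For the Indirect DDoS category, one way a network team can check whether its own hosts are being used as reflectors is to compare inbound and outbound bytes on the four UDP services listed above. The sketch below is an added example, not Corero code; the flow-record layout, the 10.0.0.0/8 internal range, the thresholds and the sample records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# UDP services named in the "Indirect DDoS" category, keyed by well-known port.
REFLECTOR_PORTS = {123: "NTP", 53: "DNS", 1900: "SSDP", 1434: "MSSQL-Resolution"}
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: site address space

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL)

def find_reflectors(flows, min_ratio=5.0, min_bytes_out=1000):
    """Return {(host, service): out/in ratio} for internal hosts whose replies
    to external peers on a reflector port far outweigh the requests received."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport in REFLECTOR_PORTS and is_internal(dst) and not is_internal(src):
            # External request arriving at an internal service.
            bytes_in[(dst, REFLECTOR_PORTS[dport])] += nbytes
        elif sport in REFLECTOR_PORTS and is_internal(src) and not is_internal(dst):
            # Internal service answering an external address.
            bytes_out[(src, REFLECTOR_PORTS[sport])] += nbytes
    findings = {}
    for key, out in bytes_out.items():
        ratio = out / max(bytes_in.get(key, 0), 1)
        if out >= min_bytes_out and ratio >= min_ratio:
            findings[key] = round(ratio, 1)
    return findings

# Constructed flow records: (src, sport, dst, dport, proto, bytes)
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "10.1.1.5", 123, "udp", 234),    # small NTP request
    ("10.1.1.5", 123, "198.51.100.7", 40000, "udp", 48200),  # large NTP reply
    ("203.0.113.9", 5353, "10.1.1.8", 53, "udp", 640),       # DNS request
    ("10.1.1.8", 53, "203.0.113.9", 5353, "udp", 1100),      # modest DNS reply
    ("10.1.1.20", 51000, "192.0.2.53", 53, "udp", 70),       # internal client lookup
    ("192.0.2.53", 53, "10.1.1.20", 51000, "udp", 3000),     # its external answer
]

if __name__ == "__main__":
    for (host, svc), ratio in find_reflectors(SAMPLE_FLOWS).items():
        print(f"{host} answering {svc} to the Internet, out/in ratio {ratio}")
```

Internal botnet-infected machines, the last item in that category, do not show this request/reply asymmetry and need separate detection.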
The majority of panelists surveyed agreed that they have seen all four categories of attacks and the number of incidents appears to be growing, driving further concern about eliminating these types of activities on their own networks. As a result, most were beginning to include DDoS defense strategies in their IT security budgets as a necessary line item to manage the risks associated with DDoS attacks.
From the CISO panel and the activities Corero observes daily, it’s becoming quite apparent that nearly every organization that relies on the Internet to conduct its business must take the appropriate steps to protect against the onslaught of DDoS attacks.