Earlier this month Cisco released a white paper that is part of the company’s larger report, “Visual Networking Index Complete Forecast Update, 2015-2020.” Here are some statistics from that white paper, relevant to distributed denial of service (DDoS) attacks:
- Frequency of distributed denial-of-service (DDoS) attacks has increased more than 2.5 times over the last 3 years.
- The average size of DDoS attacks is increasing steadily and approaching 1 Gbps, enough to take most organizations completely off line.
- Peak DDoS attack size (Gbps) is increasing in a linear trajectory, with peak attacks reaching 300, 400, and 500 Gbps respectively, in 2013, 2014, and 2015, at about 10 to 15 percent per year.
- In 2015 the top motivation behind DDoS attacks was criminals demonstrating attack capabilities, with gaming and criminal extortion attempts in second and third place, respectively.
- DDoS attacks account for more than 5 percent of all monthly gaming-related traffic and more than 30 percent of gaming traffic while they are occurring.
- Globally the number of DDoS attacks grew 25 percent in 2015 and will increase 2.6-fold to 17 million by 2020.
DDoS Attacks are More Frequent, Not Necessarily Larger
Corero also finds that DDoS attack frequency is increasing, but not only large, volumetric attacks. Roughly 92% of DDoS attacks targeting Corero customers are 1Gbps or less in size. This number contradicts the findings of the Cisco Visual Networking Index report, as Corero is seeing all DDoS attack traffic in deployments, not just the larger attacks that are off-ramped to a mitigation operation. By default, we are seeing all vectors and size of attacks simply due to the in-line, peering point nature of our deployments. Small, sub-saturating attacks are not just “white noise” on a network. They can be just as, if not more, damaging because they often mask nefarious security breaches that compromise networks and steal sensitive/confidential data.
Online Gaming is a High-profile Target
There are certain industries that are more susceptible to DDoS and, in agreement with the Cisco report, the online gaming (multi-player) and gambling industry is a high-profile target. The reason is that the stakes are high; booting users off-line, preventing others from logging-in, and creating latency or complete outages in game play significantly impacts payouts and player stats, so players are likely to abandon a gaming company that has extended downtime. That means a loss of customer confidence and revenues for the gaming company.
Criminal Extortion Attempts are Increasing
We also believe criminal extortion attempts are on the rise. During October 2015, 10% of Corero’s customer base faced extortion attempts, which threatened to take down or to continue an attack on their websites unless a ransom demand was paid. If the volume of DDoS attacks continues to grow at the current rate of 32% per quarter, according to Corero’s latest Trends and Analysis Report, the volume of Bitcoin ransom demands could triple to 30% by the same time this year.
What this all means is that DDoS attacks are not going away anytime in the foreseeable future, especially given the projected increase in overall web traffic and the increase in attack surfaces created by the Internet of Things (IoT). Traditional, reactive DDoS approaches, (i.e., black hole routing, scrubbing service, in-house security support) are not effective at defending against DDoS attacks, especially the small-scale attacks that escape the attention of human security staff.
The most effective approach is a DDoS Protection Solution that has the capacity to not only mitigate the demanding volumes and frequency of attack traffic, but also provide sophisticated DDoS event intelligence that allows organizations to keep on top of the constantly emerging new threat vectors.
To learn more about modern DDoS protection download the report, Evolution of DDoS.
If you’d like to learn more about Corero, please contact us.