Academic Research Reports Nearly 30,000 DoS Attacks per Day

Academics from the University of Twente (Netherlands), UC San Diego (USA), and Saarland University (Germany) recently conducted research that found that one-third of all /24 networks have suffered at least one DoS attack over the last two years. The research also found that “an average of 3% of the Web sites in .com, .net, and .org were involved with attacks, daily.” The results appear in a report titled “Millions of Targets Under Attack: a Macroscopic Characterization of the DoS Ecosystem,” which the researchers presented at last week’s Internet Measurement Conference in London. (Note that the research seems to refer to both denial of service attacks and distributed denial of service attacks as simply “DoS attacks.”)

Security experts have long recognized that DDoS attacks are an increasing problem, but it is helpful to have large-scale, independent research that validates what vendors and organizations observe. According to a SecurityWeek article, “By combining the direct attacks with the reflection attacks, the researchers discovered that the internet suffers an average of 28,700 distinct DoS attacks every day. This is claimed to be 1000 times greater than other reports have indicated.” To learn that the number of attacks is actually 1,000 times greater than previously thought is quite astounding, indeed. Perhaps it is a wake-up call to those who are unaware of the scope and gravity of the DDoS problem.

One of the most interesting findings from this report is that “low-level, even if repeated, attacks are largely ignored by the site owners. By correlating attacks with the time web sites migrated their DoS defense to third-party DPS companies, the researchers were able to determine what triggers the use of a DPS. They found, in general, that attack duration does not strongly correlate with DPS migration; but early migration follows attacks of high intensity.”

In other words, companies generally do not engage a DDoS protection system for low-level DDoS attacks, and if an attack doesn’t last very long, they don’t engage their third-party DDoS protection system. That’s an unfortunate trend because companies can ill afford to ignore low-level, short-duration DDoS attacks. As other DDoS research has found, such attacks serve as a smokescreen for more damaging security breaches. Furthermore, Corero’s DDoS Trends Reports have consistently found that low-threshold DDoS attacks are much more common than volumetric attacks, and that most DDoS attacks are short in duration.

Taken together, these findings suggest that many companies are leaving the door open to security breaches. Certainly, many companies are investing in all types of IT security to ward off threats that range from intellectual property theft and data theft to malware and ransomware. It costs a lot of time and money to implement those other security solutions, so it makes little sense to leave the figurative “barn door” open at the network perimeter. DDoS attack protection at the network edge is probably the most important line of defense.

Though the statistics are sobering and not very surprising, it is nonetheless refreshing and helpful to see academic research pertaining to the global scope of denial of service attacks. In this case, the research provides validation of the problem that Corero, along with many other experts and vendors, works hard to resolve.

Corero has been a leader in modern DDoS protection solutions for over a decade; to learn how you can protect your company, contact us.