2017 has been a stellar year for DDoS attacks, with the latter half of the year seeing an explosion in attacks due to cyber criminals leveraging unsecured devices.
According to Corero Network Security’s latest half-yearly DDoS report, customers experienced an average of 237 DDoS attack attempts per month during Q3 2017 – equivalent to 8 attack attempts every day. This is almost double the number experienced in Q1 2017, when Corero customers experienced an average of 4.1 attack attempts per day.
Explaining why attacks doubled in a mere six months, Corero’s Stephanie Weagle sat down with CBR’s Ellie Burns to discuss the report findings.
EB: In Q3, DDoS attacks nearly doubled when compared to 2017 – what do you think are the main factors fuelling this exponential growth?
SW: The growth in DDoS attacks can be mainly attributed to two things: the seemingly endless number of vulnerable IoT devices, and the accessibility of DDoS attack tools and DDoS-for-hire services.
The ultimate goal of hacking into an IoT device is not necessarily to interfere with consumer heating systems or interrupt their morning coffee ritual; rather, the goal is to harness thousands of these IoT devices to turn them into a zombie army – ready and available to be used in a DDoS attack.
A DDoS attack can be large enough to bring even an otherwise secure network to its knees, or it can be small—barely noticeable “white noise” that escapes human detection and traditional security infrastructure yet can cause outages, latency and downtime.
EB: Why do you think DDoS-for-hire services are becoming more and more easily available?
SW: DDoS-for-hire services can be profitable for the attacker—in an age where cryptocurrency can mask the identity of the responsible parties, it is a thriving business – no coding or technical expertise required.
EB: Why do you think more is not being done by vendors & manufacturers to secure IoT devices? Are they inherently vulnerable to attack?
SW: Preventing and mitigating the exploitation of the IoT is going to take quite a concerted effort. Device manufacturers, firmware and software developers need to build strong security into the devices. Installers and administrators need to change default passwords and update and patch systems – if this is even possible – when vulnerabilities do arise.
EB: What sort of attack vectors were seen in DDoS attempts in Q3?
SW: The combination of Service Flood attacks and Multi-vector attacks made up the majority of attack vectors observed in Q3. Cyber-criminals are also switching methods, from simple volumetric attacks to multi-vector DDoS attacks. Modern toolkits can launch both infrastructure-based and application-based DDoS payloads, and attacks include SYN flood, UDP flood, Domain Name System (DNS) query flood and GET floods.
Attackers are implementing techniques to profile the nature of the target network’s security defences, and utilizing subsequent techniques to implement second or third attacks designed to circumvent an organization’s layered protection strategy.
EB: What can businesses do to protect and defend against the growing threat of DDoS?
SW: The DDoS protection of today requires robust modern DDoS defences that will provide instantaneous visibility and mitigation of DDoS events as well as long-term trend analysis to identify adaptations in the DDoS landscape and deliver corresponding proactive detection and mitigation techniques. Automatic DDoS mitigation is available today to eradicate the damage of DDoS and eliminate both the service availability and security impact.
EB: What are your expectations for DDoS attacks in the next quarter?
SW: The attack frequency is increasing at an alarming rate—we expect that trend to continue. We would also expect the attack vectors utilized in these attacks to evolve over time.