Samir Desai, Director of Product Management at GTT, goes over DDoS attack trends.
The pandemic has taught the world many things as businesses adapted and pivoted functions, especially when it comes to connectivity. Among the most impactful changes caused by the pandemic is our increased reliance on the internet for day-to-day business operations.
Distributed Denial of Service (DDoS) attacks are one of the most serious threats to a business’s internet presence. DDoS attacks can cause havoc to an enterprise, where any internet downtime or increase in latency can compromise brand reputation and customer trust, with consequential, adverse impact on revenue.
DDoS attacks are increasing in both size and frequency. According to a study produced by Corero, larger size DDoS attacks increased by 50pc in 2020. The threat of DDoS attacks being used for extortion purposes is also on the rise, consistent with the recent spate of ransomware cyberattacks, most notably the attack on Colonial Pipeline in the U.S.
The growth
DDoS activity has been in existence for the past 20+ years, almost as long as the internet. Over the last decade, the cyber-threat landscape has grown significantly. Cyber criminals are now more sophisticated than ever – they are operating with more funding and are better resourced and more educated.
As a result of this increasing sophistication, we are seeing regular data breaches across major organisations. As noted above, DDoS attacks are rising in volume, complexity, and frequency. We are also seeing extremely large, high-profile attacks that can last for extended periods of time, such as the reported 2.3Tbps attack mitigated by AWS in February 2020. However, those types of extreme attacks are only seen occasionally. They are becoming less common as bad actors shift their focus to smaller, extortion-driven attacks elsewhere.
Occurrences of high-profile cyberattacks are only the visible tip of the iceberg. The bigger business issue is frequently occurring, smaller-volume attacks that impact organisations on a daily basis. Corero, a DDoS mitigation technology platform provider, found that 95pc of all attacks are 5Gbps or less. The consequential impact of these attacks is internet access being blocked, caused by server and network resources being inaccessible.
Additionally, multi-vector attacks are performed in quick succession in attempts to evade protection measures. These attacks are short-lived and likely to return. According to the same Corero study, 84pc of DDoS attacks last less than 10 minutes and there is a 25pc probability of a repeat DDoS attack within the first 24 hours. These disruptions are now happening during a time when businesses are trying to deal with an increasingly remote workforce. Enterprise services that would normally be within the secure LAN are now exposed to the internet. Remote VPN access platforms are particularly vulnerable and become another target of interest for DDoS attackers.
To mitigate the impact of DDoS activity, businesses should work with a network service provider that can divert day-to-day attacks away from their network infrastructure and avoid downtime disruption to their web operations.
An internet service provider (ISP) approach
Traditional enterprise security platforms are not designed to withstand DDoS attacks. With DDoS attacks evolving from large-scale, infrequent attacks to daily sophisticated attacks, they require automated ‘always on’ mitigation. This is needed to take away any manual mitigation approaches that will not suffice in the current threat climate.
To aid and support businesses, ISPs should be equipped to deal with a constantly evolving DDoS threat landscape. ISPs with integrated DDoS mitigation solutions do this by enabling cost-effective, automated, and real-time mitigation that meets the level of requirement to protect a business’s infrastructure. DDoS protection should be enabled on the ISP’s core network where DDoS traffic can be more easily dealt with without impacting downstream enterprise internet connectivity. The ISP should be able to counter DDoS activity across their key peering points to scrub out and intercept any ‘bad’ traffic at the edge of the network. This allows the ‘good’ traffic to be handed back to the with minimal impact to latency.
Always-on mentality
The expanded use of remote working coupled with the increased reliance on the internet is causing a surge in DDoS attacks. Enterprises must be aware of the threat and understand that traditional security measures will not do the job in protecting their business from the impact of a successful DDoS attack. Working with an ISP with an integrated, always-on and automated DDoS protection platform will give businesses added assurance and allow them to focus on their key business priorities during this critical time without distractions.
