Time for something different because what’s being done isn’t working
DDoS Advantage: Attacker

Last year we saw some really awful devastation caused by DDoS attacks and a lot had to do with how attackers used resources, IoT devices most notably, to launch some pretty large attacks. The code used to cause these large outages was published openly and soon after, all sorts of attacks and variants of the original code were causing havoc around the world.

In addition to protecting our customers and infrastructure from DDoS attacks, Neustar actively monitors and reports what and how organizations are experiencing DDoS activity worldwide. We look at how much activity is taking place and how companies are faring in protecting themselves from impact. In the research report that we just released, what is clear is that organizations have been struggling to cope this past year.

For starters, 849 out of 1,010 organizations (84%) had been hit with DDoS attacks. Worse, 86% of those were hit multiple times. They also needed longer to detect DDoS attacks, with more than half requiring at least three hours, and about as many took another three hours to respond once an attack was detected. It was not too surprising then to see that 40% of organizations hit were notified by their CUSTOMERS of the attacks. Essentially, almost half had unwittingly enrolled their customers as a part of a DDoS warning system – not good.

Beyond the attacks, though, there’s a lot of information showing that malware activation, ransomware encounters, and network compromises in concert with DDoS attacks were all way up. Combining DDoS attacks with other cyber activities is not new, but the extent to which companies are being impacted is. These are some of the associated activities that organizations reported occurred in concert with DDoS attacks:

| Associated Attack during previous 12 months | 2017 | 2016 |
|---|---|---|
| Malware activated | 43% | 37% |
| Network compromise, physical damage | 32% | 25% |
| Ransomware encountered | 23% | 15% |

All of this impact helped explain why 90% of organizations are investing more in DDoS defenses than in the previous 12 months, up from 76% last year, despite the fact that 99% already have some form of protection in place. The threats faced today and those going into the future are eclipsing how organizations have protected themselves in the past.

Beyond the constant research, Neustar also released its quarterly security operations data for Q1/2017 that gives details and insights into DDoS protection activity provided to our customers and partners. Reports out of the Neustar Security Operations Center point to a busy start to the 2017 DDoS season, with higher traffic volumes and higher average attack sizes as compared to this time last year. In fact, customer mitigations nearly doubled by comparison while attackers continue to fine-tune their craft to create new and clever combinations of multi-vector attacks.  

Without getting too far in the weeds, the Neustar SOC noted the emergence of Connectionless Lightweight Directory Access Protocol (CLDAP) as an attack vector, while continuing to see the prevalent use of TCP, ICMP, UDP, and multi-vector attacks. The complexity of these attacks and the increased volumes mitigated by our security team align with some of the problems other organizations are having in trying to deal with the DDoS threat.

Last year saw unprecedented attack sizes, but it’s not just the big ones that hurt. Attackers are typically smart and most have specific objectives. Taking your infrastructure offline using a big attack makes it difficult for them to access your company and steal things, activate malware, or damage equipment. Big and small, DDoS attacks are hurting companies and it’s time for newer, adaptable, and scalable defenses that include new technology and methodology to be effective.

Neustar is currently deploying the world’s largest DDoS mitigation network, more than 10 Tbps with 27 nodes around the world. Not just capacity, though, I’m also leading the development of new ways to keep DDoS attacks from impacting our customers and partners to give organizations around the world better options to get back ahead of the danger curve.

Long story short, DDoS attacks aren’t showing any signs of abating.

Unfortunately, the threats associated with DDoS attacks should not be understated or underestimated. Learn more about DDoS attacks and what our SOC is doing to protect our customers and their shareholders.

Download the report: May 2017 Worldwide DDoS Attacks & Cyber Insights Research Report