Big Increase in DDoS Attacks Recorded in 2016

A State of the Internet Report by researchers from Akamai shows a huge increase in so-called distributed denial-of-service (DDoS) attacks in the first quarter of 2016.

The research from the U.S. content delivery network (CDN) and cloud services provider showed that a massive 19 such attacks exceeding 100 Gbps took place in the first quarter of this year, compared to only 5 in the last quarter of 2015.

The previous record for DDoS attacks was 17 back in the third quarter of 2014.

What Is a DDoS Attack?

A denial-of-service attack is a cyber attack that is intended to make a computer or network unavailable to users, and a distributed denial-of-service attack is one that uses multiple compromised systems (sometimes thousands) that are often infected with a Trojan virus to launch a single attack on one system. The sheer number of requests that the target receives (sometimes called a ‘flood’) typically overloads its resources and memory and renders the targeted computer or network unavailable.

Rise Driven by Cheap Rent-a-Botnets

It is believed that one of the main drivers of the recent boom in DDoS attacks is the availability to cyber criminals of very cheap rent-a-botnet services. More would-be attackers than ever before can now enlist the help of a range of booter or stresser botnet services which can launch DDoS attacks against specific targets for under £10.

Reflection and Amplification Techniques Common

The Akamai report showed that a quarter of the DDoS attacks that took place in the first 3 months of 2016 are likely to have used amplification techniques, which result in larger payloads and are therefore more likely to cripple the targeted machine / network.

Typical reflection and amplification techniques involve exploiting misconfigured servers on the Internet that respond to spoofed requests.

Rise in Multi-Vector Attacks

Another worrying trend highlighted by the Akamai researchers is the increasing number of multi-vector attacks. Multi-vector attacks use a range of technologies, deployed in numerous stages, to penetrate multiple common vulnerabilities in the defences of the target organization until a way in is found. These attacks use a combination of elements such as social engineering and spear phishing e-mail messages with malicious attachments that can exploit zero-day vulnerabilities in the target system. These attacks can also be designed to bypass antivirus engines.

The Akamai researchers found that around 60% of the DDoS attacks in the first quarter of 2016 were multi-vector attacks, over 40% of which used 2 vectors, and 17% of which used 3 or more.

Origins

Although the largest number of compromised computers and misconfigured servers used by DDoS attackers are in China, the U.S. and Turkey, the actual location of the attackers themselves is difficult to establish.

What Does This Mean For Your Business?

The extent of digitalisation and reliance on the Web in businesses combined with a huge rise in cyber crime means that your cyber and data security should now be very high on the list of your business priorities.

Getting a full understanding of your risk profile, where and what your information / data assets are, and what steps to take now to protect those assets and improve your cyber resilience should be a board level issue.

Steps that you could be taking to protect your business include improving awareness among and giving training to all staff, making sure that at least all essential areas are covered (e.g. by using the government’s Cyber Essentials Scheme), conducting regular health checks, risk assessments or audits, and making sure that formal written cyber security policies, Business Continuity Plans and Disaster Recovery Plans are in place.

Seeking expert, external professional help and Cyber Security Consultancy Services could also be a good way to quickly get up to speed with identifying and managing the cyber security threats facing your business.