It almost goes without saying that distributed denial of service (DDoS) attacks have been threatening organisations globally over the past few years, damaging corporate reputations and causing down time that has inconvenienced customers at best and crippled businesses at worst. Last year marked a watershed year for the volume, virulence and sophistication of attacks. However, this is just the beginning, we predict that the worse is yet to come.
According to the findings of Neustar’s recent ‘Worldwide DDoS Attacks and Cyber Insights Research Report’, more than 80 per cent of organisations surveyed globally have been attacked at least once in the previous 12 months (an increase of 15 per cent since 2016). Furthermore, 85 per cent of those attacked were hit more than once.
Despite knowing the threats, many companies across APAC are still struggling to detect and respond to DDoS attacks effectively and efficiently. In fact, within APAC, on average almost half of all organisations take over three hours to detect an attack and an additional three hours to respond. This is significantly higher than the global average of 29 percent and 28 percent respectively.
So where is DDoS headed?
It is crucial to highlight that the DDoS attack size, complexity, and ferocity will continue to grow this year. Multi-vector attacks, termed advanced persistent denial of service (APDoS), have become a near-universal experience - 75% of attacks during Q1 2017 were APDoS, as seen by the Neustar Security Operations Centre - demonstrating that attackers are consolidating the most effective methods to launch multi-pronged attacks on the network, servers and software in organizations. Continued use of Internet of Things (IoT) enabled botnets to deliver massive volumetric attacks will also cause organisations to reassess DDoS defence strategies this year.
Evaluating the damage of DDoS in APAC
With organisations across APAC being attacked more often, businesses should regularly re-examine the effectiveness of existing security strategies, including DDoS mitigation. The consequences of a DDoS attack can cause tremendous costs, not only financially, but also damaging the brand reputation. In fact Neustar research indicates that after a DDoS attack, 33 percent of APAC organisations reported average revenue losses of $USD250, 000 or more.
Furthermore, DDoS attacks are often used to mask with other cyber crime activities. The installation of ransomware and activation of malware in unison with DDoS attacks was reported by 49 per cent of organisations in APAC. In 2017, the victims of DDoS attacks around the world have experienced more malware activation (43 per cent reported vs 37 per cent a year before), network breaches/damage (32 per cent vs 25 per cent), customer data theft (32 per cent vs 21 per cent), ransomware (23 per cent vs 15 per cent), financial theft (21 per cent vs 14 per cent) and lost intellectual property (21 per cent vs 15 per cent) in conjunction with a DDoS attack.
While 90 per cent of companies globally are investing more in DDoS-specific defences today, stronger defences are likely needed to mitigate the growing risk and likely impact of a major DDoS attack quickly and effectively.
Evaluating mitigation methods
Currently, there are several solutions in the market that organisations could consider. Several low cost content delivery network (CDN) style services can offer inexpensive DDoS protection, however they may impose usability issues and be unable to stop a significant attack.
Similarly, DDoS mitigation appliances can be effective against certain types of attacks, however increasingly popular large-scale floods can overwhelm circuit capacity and render the appliance ineffective.
On demand cloud where network traffic is redirected to a mitigation cloud is reliable and cost effective. However, it is dependent on swift failover to the cloud in order to avoid downtime.
Always routed cloud, on the other hand, involves the redirection of web traffic on a constant basis. The constant redirection can affect network latency, even during non-attack conditions, and additional services may be required to address application layer attacks.
Adopting a DDoS mitigation approach that includes a managed appliance and cloud (hybrid) is the best option, yet can be costly. The appliance will stop any DDoS attack within the circuit capacity feeding the network, and automatically trigger cloud mitigation, if the circuit is in danger of becoming overwhelmed.
DDoS attacks will reach unprecedented levels this year, with complex (APDoS) attacks being the norm, continued leveraging of IoT to generate massive volumetric attacks and a dramatic rise in the use of ransomware in conjunction with a DDoS attack. Those working to protect corporate revenue and reputation would be wise to work with knowledgeable partners that have extensive experience in identifying and addressing DDoS attacks, plus access to multiple sources of intelligence and a product roadmap that ensures they will meet the ‘threats of tomorrow’.