If you think your network is safe from distributed denial of service (DDoS) attacks just because your website or web application has not been taken offline, think again. The cyber threat landscape continues to evolve dramatically. In terms of DDoS attack trends, two things have happened:
- The combination of malicious code (such as the Mirai botnet source code) and billions of unsecured Internet of Things devices has made it possible for hackers to launch mega-volumetric attacks in the terabits per second range.
- Despite the capacity for larger volumetric attacks, the vast majority of attacks are now small-scale. Corero customers experience an average of 5 attacks per day, but 80% of the attacks are less than 1Gbps in peak bandwidth utilization.
A few years ago the vast majority of DDoS attacks were typically long-duration, volumetric attacks. Why would small attacks now be in the majority? Because that’s how hackers can make money. The DDoS threat landscape changed when cyber criminals realized that they didn’t have to launch volumetric attacks to disable a network. Most of today’s DDoS attacks are much more sophisticated; they are surgically crafted to deliver enough traffic volume, for just enough duration, to knock out a target.
Ransom and extortion attacks are now big business on the Dark Web. Once a hacker knocks a victim’s network offline, the hacker can install ransomware on the network to extort money. One can see how DDoS attacks go hand-in-hand with that trend.
Because hackers have increased low-threshold, sub-saturating attacks, it became necessary to build real-time, in-line DDoS mitigation appliances that can detect both small and large DDoS attacks. Legacy DDoS solutions rely on separate monitoring systems and re-route suspicious traffic to sets of DDoS protection appliances, which then inspect that traffic for attacks before finally providing mitigation. These solutions are far from real-time: traffic statistics first have to be collected and analyzed, then routing changes are made, and only then do detection and mitigation take place. The process often adds up to tens of minutes of delay before mitigation of a DDoS attack commences.
Short, sub-saturating DDoS attacks can be launched and successfully completed long before any legacy DDoS monitoring systems notice them and begin to re-route the suspicious traffic. Therefore, your network is not safe from DDoS attacks, or from the ransomware and extortion that can follow them, unless you have a real-time DDoS mitigation solution in place.
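The timing gap described above can be made concrete with a small simulation. This is an added example, not code from Corero or any product: the traffic series is constructed, and the 300-second statistics window, 120-second re-route delay, thresholds and function names are all assumptions chosen for illustration.

```python
# Constructed per-second inbound traffic (Mbps): 200 Mbps of normal load with
# one 120-second burst at 800 Mbps, i.e. below 1 Gbps and short-lived.
ATTACK_START, ATTACK_END = 300, 420
traffic = [800 if ATTACK_START <= t < ATTACK_END else 200 for t in range(900)]


def windowed_mitigation_start(series, window=300, threshold=400, reroute_delay=120):
    """Out-of-band model (assumed values): average each statistics window,
    decide when the window closes, then add the time needed to re-route
    traffic to a separate mitigation appliance."""
    for start in range(0, len(series), window):
        chunk = series[start:start + window]
        if sum(chunk) / len(chunk) > threshold:
            return start + len(chunk) + reroute_delay
    return None  # the averaged statistics never crossed the threshold


def inline_mitigation_start(series, warmup=60, factor=2.0, sustain=5):
    """In-line model (assumed values): compare every one-second sample with a
    baseline learned during warm-up and act once the excess has lasted
    `sustain` consecutive seconds."""
    baseline = sum(series[:warmup]) / warmup
    run = 0
    for t in range(warmup, len(series)):
        run = run + 1 if series[t] > factor * baseline else 0
        if run >= sustain:
            return t + 1  # mitigation applies from the next second
    return None


def unmitigated_seconds(mitigation_start):
    """Seconds of attack traffic that reached the target before mitigation."""
    if mitigation_start is None:
        return ATTACK_END - ATTACK_START
    return max(0, min(mitigation_start, ATTACK_END) - ATTACK_START)


if __name__ == "__main__":
    for name, detect in (("windowed", windowed_mitigation_start),
                         ("in-line", inline_mitigation_start)):
        start = detect(traffic)
        print(f"{name}: mitigation at t={start}s, "
              f"{unmitigated_seconds(start)}s of attack unmitigated")
```

In this model the windowed pipeline starts mitigating five minutes after the burst has already ended, and with a higher averaging threshold it never reacts at all, because the burst is diluted by the normal traffic in the same window.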