This spring and summer, it seemed like all we talked about was ransomware. In September and October, we wondered if the elections would fall victim to a cyberattack. Now as we approach Thanksgiving and the holiday season, DDoS attacks are front and center, just in time for the busy online retail season.
According to the third-quarter report from Akamai, large DDoS attacks have increased by 138 percent over the past year, while the total of all types DDoS attacks went up by 71 percent. One reason, the report found, is the Mirai botnet and the use of IoT devices as the launching point for the large and significant outages we saw recently. Also, as eWeek pointed out, victims aren’t doing enough to prevent repeat attacks:
DDoS attacks are rarely an isolated affair, with Akamai reporting that in the third quarter, on average there were 30 DDoS attacks per target. Some organizations however experienced more than the average, with one organization protected by Akamai being impacted by 427 DDoS attacks in the third quarter.
Like I said, this news of the increase in DDoS attacks comes at a bad time for the holiday retail season. As Venkat Rajaji, SVP of Marketing with Core Security, wrote in a blog post, Cyber Monday alone generated $3.07 billion in sales last year. Rajaji stated that, based on what we are seeing so far this year, we should expect a DDoS attack – or at the very least be ready for it, adding:
Given the recent trend of security breaches and attacks, it just feels like this particular holiday season we are poised for some kind of DDoS attack that’s greater in scale than anything we’ve ever seen that could wreak havoc on the retail industry. . . . Imagine what a DDoS attack could do if you have an outage for any extended period of time. For every second, minute, or hour you are down, that’s lost revenue for your company.
As Michael Patterson, CEO of Plixer, told me in an email comment, we shouldn’t be surprised by the volume of DDoS attacks. The attacks provide value to cyber criminals in multiple ways: They are an effective smoke screen to distract victims from a simultaneous more targeted attack, and the mere threat of a DDoS attack can be an effective means of extortion where the company is told to pay up or else. Patterson added:
Certainly the release of the Mirai source code is a contributor to the growing problem and if you consider that Gartner estimates that by 2020, 50 billion connected “things” will be on the internet, we can begin to appreciate that the problem will continue on its growth trend.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba