Before the inauguration last week, there was a call to protesters to join in a DDoS attack against WhiteHouse.gov. I don’t know if it happened – I never heard that it did – but I point out this call for a reason. Hacktivists and cybercriminals recognize the power of a DDoS attack and they aren’t afraid to use it.
Deloitte warned that we should expect a “crisis year” in DDoS attacks, in part due to the rise of Internet of Things (IoT) devices and the ability to use them as botnets. According to ComputerWeekly.com:
According to the report, 2017 will see an average of one attack a month reaching at least 1Tbps in size, with the number of DDoS attacks for the year expected to reach 10 million.
Deloitte predicts an average attack size of 1.25Gbps to 1.5Gbps, and the report points out that an unmitigated attack in this size range would be sufficient to take many organisations offline.
Researchers at Arbor Networks also suggested that technological innovations will be the catalyst for the rise in DDoS attacks, adding that the chances of your business being hit by a DDoS attack have never been higher. More than half of the respondents in their study admitted to seeing more than 21 attacks per month, with 21 percent saying they see more than 50. The security report also found:
Multiple simultaneous attack vectors are increasingly being used to target different aspects of a victim’s infrastructure at the same time. These multi-vector attacks are popular because they can be difficult to defend against and are often highly effective, driving home the need for an agile, multi-layer defense. 67 percent of service providers and 40 percent of Enterprise, Government and Education (EGE) reported seeing multi-vector attacks on their networks.
The consequences to this increase in attacks is the loss of thousands, if not millions, of dollars in revenue because the business’s customer base can’t reach them.
As long as IoT devices remain vulnerable, we must expect to see the rise in DDoS attacks. I think, too, we’ll see more because they are so effective in getting attention when they do happen to a major organization. (I expect WhiteHouse.gov to be a frequent target as we move deeper into this administration, unfortunately.) On the plus side, organizations are getting better at mitigating a DDoS attack, as the Arbor Networks report found that 77 percent of service provider respondents said they are able to address an attack within 20 minutes, and 55 percent of EGE said they are holding regular DDoS defense drills. That gives me hope that even though we know DDoS attacks are going to get worse, we are at least anticipating them and doing something to decrease the damage.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba