Distributed denial-of-service attacks flood targeted machines with meaningless requests, preventing legitimate...
traffic from gaining access. Attackers can commandeer multiple machines to create a botnet launching pad for these attacks. In recent years, cybercriminals have used DDoS attack programs to extort targets within specific industries, such as financial services. Cyberattackers would typically launch a low-level attack, threatening more damaging events if certain demands weren't met. In these extortion attempts, it was not unusual for one entity to be targeted repeatedly.
Borrowing a page from the on-demand world, hackers now offer DDoS as a service. These hackers typically use reflection-based tactics that make it difficult for organizations to identify the source of an attack.
Enterprises look outside to prevent a DDoS attack
As DDoS attacks become more commonplace and damaging, enterprises increasingly enlist third-party security specialists and telecom providers to help prevent a DDoS attack. Most of the larger DDoS protection providers compile and publish mitigation data on a quarterly or annual basis to make the industry as a whole aware of new trends.
While the results vary by provider, there is some consistency in how these attacks are evolving. Several providers report the number of discrete attacks is actually declining. Verisign, for example, reported the total number of DDoS attacks decreased by 25% in the last quarter of 2017, compared to the year-earlier period.
Unfortunately, the complexity and the virulence of these attacks continue unabated, thus increasing the need for a viable strategy to prevent a DDoS attack. Verisign's report noted the average peak size had increased eightfold to 7.6 Gbps in the fourth quarter of 2017. The majority of the attacks -- 82% -- are multivector in nature, with 46% applying five or more attack types. The most common of these are User Datagram Protocol-based, followed by TCP attacks.
Akamai, which actually saw the number of mitigated attacks increase in the same period, saw a 14% rise in Layer 3 and Layer 4 attacks. And more of the attacks are being initiated in the United States, with the company reporting a 31% increase in domestically based attacks.
Amplification attacks begin to gain traction
In its annual Data Breach Investigations Report, Verizon said the median size of a DDoS attack program was actually falling. But while the company said most attacks last just a few minutes, it reported an increase in amplification attacks. In these attacks, the hacker mimics lookup requests to the domain name system to mask the source of the incident. Through a series of techniques, the attacker can turn a small request into a larger query by an order of magnitude or more.
The best defense to prevent a DDoS attack is preparation. Identify and address potential system and network vulnerabilities in a consistent manner. It's critical to possess appropriate DDoS protection tools and services. In some cases, organizations are sufficiently resourced to handle most DDoS-related concerns with internal staff and tools. However, having a third-party backup is essential. As in all aspects of security, DDoS protection is not a one-off event, but rather an ongoing series of processes and best practices.
Dig Deeper on Network Security Best Practices and Products
Related Q&A from Amy Larsen DeCarlo
AI network monitoring has great potential, but companies need to pare down the number of network monitoring tools they use now in order to reap AI's ... Continue Reading
Multi-tenant public cloud monitoring can pose significant challenges. Luckily, some tools can help track these environments and even flag potential ... Continue Reading
Network analytics use cases illustrate some of the benefits that companies are receiving from network analysis tools. Gauging network performance is ... Continue Reading