Frequency and Complexity of DDoS Attacks is Rising; Defenders Turn to Automation and Managed Services for Support

NETSCOUT SYSTEMS, INC. today released its 13th Annual Arbor Worldwide Infrastructure Security Report (WISR) offering direct insights from network and security professionals at the world’s leading service provider, cloud/hosting and enterprise organisations. The report covers a wide range of topics, from DDoS attacks and major industry trends such as SDN/NFV and IPv6 adoption to key organisational issues such as incident response training, staffing and budgets. Its focus is on the operational challenges network operators face daily from cyber threats and the strategies adopted to address and mitigate them.

“Attackers focused on complexity this year, leveraging weaponisation of IoT devices while shifting away from reliance on massive attack volume to achieve their goals. Attackers have been effective, and the proportion of enterprises experiencing revenue loss due to DDoS nearly doubled this year, emphasising the significance of the DDoS threat,” said Darren Anstee, NETSCOUT Arbor Chief Technology Officer. “The results of the WISR survey, together with our ATLAS data, demonstrate why an integrated multi-layer defence from the data centre to the cloud is required.”

THREAT LANDSCAPE: The exploitation of IoT devices and innovation from DDoS attack services are leading to more frequent and complex attacks.

Size: Fifty-seven percent of enterprise and forty-five percent of data centre operators saw their internet bandwidth saturated due to DDoS attacks.
Frequency: There were 7.5 million DDoS attacks in 2017, according to data from Arbor’s ATLAS infrastructure which covers approximately one-third of global internet traffic. Service provider respondents experienced more volumetric attacks while enterprises reported a thirty percent increase in stealthy application-layer attacks.
Complexity: Fifty-nine percent of service providers and forty-eight percent of enterprise experienced multi-vector attacks, a twenty percent increase over last year. Multi-vector attacks combine high volume floods, application-layer attacks and TCP-state exhaustion attacks in a single sustained offensive, increasing mitigation complexity and attacker's chance for success.

CONSEQUENCES: Successful DDoS attacks are having greater operational and financial impact.

  • Fifty-seven percent cited reputation/brand damage as the main business impact, with operational expenses second.
  • Fifty-six percent experienced a financial impact between $10,000 and $100,000, almost double the proportion from 2016.
  • Forty-eight percent of data centre operators said customer churn was a key concern following a successful attack.

DEFENCE: Network and security teams, the guardians of the connected world, are challenged by an active and complex threat landscape, as well as persistent staffing issues.

  • Eighty-eight percent of service providers utilise Intelligent DDoS Mitigation Solutions and thirty-six percent utilise technology that automates DDoS mitigation. Increased investment in specialised tools automation is driven by the sheer number of attacks faced in service provider networks.
  • Attack frequency is also driving demand for managed security services. Thirty-eight percent of enterprises relied on third-party and outsourced services, a jump from twenty-eight percent the previous year. Only fifty percent carried out defensive drills, and the proportion of respondents carrying out drills at least every quarter fell twenty percent.
  • Fifty-four percent of enterprises and forty-eight percent of service providers have difficulty hiring and retaining skilled personnel.