The Threat Continues to Grow: The State of DDoS in Q2 2019
A Distributed Denial of Service (DDoS) attack can be a serious threat to an organization’s bottom line and ability to attract and retain customers. In the age of the Internet, a company’s website is their public presence and main point of contact with their customers. A loss of website functionality for even an hour can have a severe effect on an organization’s ability to do business if customers are lost due to annoyance or the inability to research and purchase an organization’s products and services.
Unfortunately, the threat of DDoS attacks is only growing as the Internet changes and evolves. New developments in the Internet landscape make large-scale DDoS attacks easier and cheaper to perform, expanding the number of organizations that can be potentially targeted. As a result, the need to invest in a robust DDoS protection solution exists for all organizations, not just the “big names” in business.
The Growing Threat of DDoS
DDoS attacks are increasing in number, scale, and difficulty of prevention. This growth has been caused by the changing face of the Internet, where new technological developments have made it easier for attackers to gain access to the computational resources necessary to perform their attacks.
This growth in attacks is enabled by many of the same technological developments designed to help individuals and legitimate businesses. The Internet of Things (IoT) is designed to improve convenience and quality of life by allowing monitoring and management of Internet-connected appliances via mobile apps or voice. However, IoT devices are notoriously insecure, allowing them to be compromised by hackers and used in an attack.
Similarly, cloud computing is extremely useful for businesses wishing to outsource and scale their computing environment, but it also makes cheap computing resources available to hackers. This technology has dramatically decreased the cost of performing an enterprise-scale DDoS attack, reaching as low as $7 per hour. As a result, hackers have begun offering DDoS “as a service”, dramatically expanding the number and types of organizations that can fall victim to an attack.
The ability to build large-scale botnets using compromised IoT devices or rented cloud resources has dramatically changed the face of the DDoS threat. These large botnets have allowed the size of DDoS attacks to increase dramatically, and their ease of use has also allowed more players to enter the DDoS market.
Another impact of the increased amount of computing power available to hackers is a change in the composition of a DDoS attack. Traditionally, DDoS attacks consisted of smaller numbers of extremely large packets, which made attacks easier to detect. The access that hackers now have to large botnets has prompted a shift toward attacks consisting of larger numbers of smaller packets with randomized IP addresses and ports, making detection and prevention much more challenging.
DDoS in Q2 2019
The changing state of the DDoS threat landscape was apparent in the number and composition of attacks detected in Q2 2019. The second quarter of 2019 showed an 18% growth in the number of attacks as compared to the same period of the previous year. While the number of attacks dropped off compared to Q1 2019, this seasonal drop is normal as “amateur” attacks take a break for summer vacation.
A worrying trend in Q2 2019 was an increase in the number of application-level DDoS attacks. These attacks take advantage of an attacker’s access to a greater amount of computational resources, like compromised IoT devices or cloud computing. Application-level DDoS attacks often consist of legitimate-looking, but spam, requests to an application, which use up resources that could otherwise be directed toward legitimate users. These attacks are much more difficult to detect and block than “traditional” DDoS attacks since they so closely resemble traffic from legitimate users of the service.
Protecting Against DDoS
The DDoS threat landscape has been changing due to significant changes in the composition of the Internet. As the Internet of Things and cloud computing become more ubiquitous, hackers increasingly have access to a pool of cheap computational resources that can be used in DDoS attacks.
This growing pool of resources has triggered a shift in what is considered “normal” for DDoS attacks. Beyond the growth in number and scale of attacks, access to more resources also allows attackers to change how attacks are performed. Instead of being forced to use massive packets to overwhelm target computers (which are easily detected), attackers can perform application-level attacks, where it is more difficult to differentiate legitimate from malicious traffic.
The evolving DDoS threat landscape underscores the importance of both investing in a DDoS protection solution and choosing a top-of-the-line one. Many modern DDoS prevention products rely on indicators of attack that are quickly becoming obsolete with the hackers’ shift to application-level DDoS attacks. As a result, either attacks are likely to pass through undetected, or an attempt to block attack traffic will impact legitimate users’ access to the service as well.
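An added example, not from the original article: constructed access-log records run through three detectors, showing why byte-volume and per-source indicators stay silent on an application-level flood of small requests from many addresses while a per-endpoint request baseline flags it. The log format, thresholds, window size and function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

WINDOW = 10  # seconds per bucket (assumed value)

def make_log():
    """Constructed sample records: (second, client_ip, path, bytes)."""
    log = []
    # Baseline: 5 clients, one 20 kB request each every 2 s for 60 s.
    for t in range(0, 60, 2):
        for c in range(5):
            path = "/search" if (t // 2 + c) % 5 == 0 else "/home"
            log.append((t, f"198.51.100.{c + 1}", path, 20_000))
    # Seconds 40-49: 400 small /search requests from 250 sources (<= 2 each).
    for i in range(400):
        log.append((40 + i % 10, f"203.0.113.{i % 250 + 1}", "/search", 600))
    return log

def bucket(log):
    bytes_w, per_ip, per_path = Counter(), Counter(), Counter()
    for t, ip, path, size in log:
        w = t // WINDOW
        bytes_w[w] += size
        per_ip[(w, ip)] += 1
        per_path[(w, path)] += 1
    return bytes_w, per_ip, per_path

def volumetric_alerts(bytes_w, factor=2):
    """Windows whose byte volume exceeds factor x the median window."""
    base = median(bytes_w.values())
    return sorted(w for w, b in bytes_w.items() if b > factor * base)

def per_ip_alerts(per_ip, limit=20):
    """Windows in which any single source exceeds a fixed request limit."""
    return sorted({w for (w, _ip), n in per_ip.items() if n > limit})

def endpoint_alerts(per_path, factor=5):
    """(window, path, count) where a path exceeds factor x its own median."""
    by_path = defaultdict(dict)
    for (w, path), n in per_path.items():
        by_path[path][w] = n
    return sorted((w, p, n) for p, counts in by_path.items()
                  for w, n in counts.items()
                  if n > factor * median(counts.values()))

def run():
    bytes_w, per_ip, per_path = bucket(make_log())
    return volumetric_alerts(bytes_w), per_ip_alerts(per_ip), endpoint_alerts(per_path)
```

On the constructed data, `run()` returns `([], [], [(4, '/search', 405)])`: the flood adds less than half a window's normal byte volume and no source exceeds the per-address limit, yet `/search` receives 81 times its median request count. The median here is taken over the whole log, attack window included; a deployed baseline would be learned from earlier traffic.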
Deploying a leading DDoS protection solution ensures that an organization has access to comprehensive protection against DDoS attacks. These solutions have access to the scrubbing capabilities necessary to block modern high-volume attacks and the ability to accurately detect and respond to even application-level attacks. Many organizations live or die by their web presence, and failing to properly protect it against DDoS attacks can significantly impact their ability to engage with their customers on the Internet.