DDoS attacks are one of the oldest (and arguably most annoying) cyberattacks. They are relatively easy to carry out, not that expensive to do, and can be devastating to the target. Sadly, despite being a well-known attack vector, a lot of organizations don’t have adequate measures in place to combat even small-scale DDoS attacks.
What’s more, DDoS attacks are on the rise and are becoming a bit of a problem. For a long time, they were considered more like a nuisance and were possibly even neglected by many companies. As a result, hackers quickly realized that DDoS attacks can be even more effective than they expected. Now they are using these types of attacks more often and this causes problems for everyone.
DDoS is rising
According to data from Netscout, the first half of this year saw an 11% increase in DDoS attacks compared to the first six months of 2020. In total, 5.4 million DDoS attacks were recorded, and if the trend continues, they will surpass 11 million for the entire year. This would be a record and shows that DDoS is a threat that cannot be taken lightly.
Netscout reported that in January alone there were 972,000 DDoS attacks – the highest ever. This tempo slowed down and by June there were 759,000. But while the total volume of attacks went down, their scale and severity went up. The largest one was in June, and then in August the second largest ever on record took place.
Hackers have a lot of targets and some specific favorites. The most affected industry was telecommunications, specifically the wired carriers. This industry suffered 283,516 DDoS attacks in H1 alone! A distant second is the data processing, hosting and related services with 195,258 recorded attacks; and third place goes to wireless carriers with 84,151 attacks.
As mentioned, the scale of the DDoS attacks grew. In June hackers aimed a DDoS attack towards a German Internet Service Provider and it reached a bandwidth of 1.5Tbps. This was the aforementioned largest recorded attack for 2021 at that time.
Then in August, Microsoft was attacked with the second largest DDoS ever. It reached a peak of 2.4Tbps, just shy of the 2.5Tbps all-time record from 2017. Back then it was Google. Now it was Microsoft, and the attacker wanted to take down one of its Azure customers in Europe. The attack continued for more than ten minutes and used over 70,000 different sources. This means it employed a massive botnet, but thankfully it wasn’t enough to take down Azure. The company said this was because Azure is built to withstand tens of terabits of DDoS attacks – far more than the current max volume attempts.
Often DDoS attacks are used as a cover for an actual data breach. But in most cases, they are mainly used as a way to disrupt regular service. There’s also a trend for ransom DDoS attacks, where targets must pay to stop the attack.
Then in October, there was a series of DDoS attacks against several UK telecoms companies. The event was reported to the UK Comms Council, which didn’t name the exact number of affected providers but did note that some of them provided services for the UK’s critical infrastructure, including the police, National Health Service and others. There were also VoIP providers who were attacked.
“Ransom threats have been made to numerous providers and an overall threat has been made to the entire industry in the UK,” a spokesperson at the UK Comms Council commented. “I should also highlight that these DDoS attacks have also been carried out against providers in the USA and Canada over recent weeks and months, which is why our statement highlights that this appears to be a coordinated international campaign.”
It seems like telecoms companies are being increasingly targeted as they provide services to a lot of other industries. So, it’s an ‘attack one – attack all’ type of approach, with a higher chance of the telcos paying up to avoid service disruption. The spokesperson also adds that the attacks are on a scale never seen in the history of the UK Comms Council, which was established in 2004.
Meanwhile there are numerous other reports of DDoS attacks, including against telcos, companies like Cloudflare and Yandex, media and even government institutions. Some of these attacks do not involve high-volume traffic, but instead continue in bursts for several days at a time. This brings additional losses for the victims: they must increasingly spend on protective measures and purchase a higher constant level of traffic that they can’t monetize, while losing organic traffic as users visit their sites less because of the downtime or just the slow response.
How to defend your organization
“In 2021, cybersecurity has become an everyday problem for business. The pandemic has forced companies to create remote working conditions and move some of their processes beyond cloud platforms and secure office networks. Today, the data of most companies remains highly vulnerable. According to the latest research, only 5% of company data is properly protected, and cyberattacks are increasing every day. To counter this kind of malice, companies need to make awareness, prevention and security best practices part of their culture. This is the only solution,” commented Sergey Burushkin – Product Manager and Head of Market Segments Group at Neterra, during the conference BalRec 2021.
There are several things that organizations should do in order to improve their cybersecurity. You must apply all of them, not just a selection, in order to get an adequate level of protection.
It’s a long walk
The most important security measure is not even technical. It’s all about the mindset. Companies should incorporate their security initiatives into their everyday process. This includes adequate training for employees, investing in proper security and most importantly – knowing that all of this isn’t a one-and-done process. It’s not a sprint. It’s not even a marathon. It’s a lifelong walk. Cybersecurity must be an integral part of your daily tasks.
This also means keeping track of the constant security challenges and advancements. You need to have a security strategy in place and update it on a regular basis. It must include risk factors, assets, possible entry points, weak links and so on. Also, take into account the steps you will have to take when (not if) you get attacked.
Everyone is involved
Another crucial factor is that organizations must know that cybersecurity is not a responsibility only of the IT team. All employees can be attacked. Most often, hackers can attack lower tier employees and work their way from there, and if the company’s systems are crippled by a DDoS attack, then all employees will be affected by it.
Therefore it is important that cybersecurity training involve all employees. Granted, not everyone needs to know high level security systems protocols, but everyone does need to know and use the basic security steps and principles. You can also build on top of that with any specific security measures for certain roles.
Maintaining proper cybersecurity levels can be a challenge even for big corporations. Not everyone has the resources and knowledge of Microsoft or Google to combat high-level DDoS attacks. Smaller companies or organizations which aren’t in the IT industry will need professional help. It takes a lot of time and effort to gain the knowledge and experience, and this is why there are not nearly as many cybersecurity experts as there should be.
So, for many companies it’s a better (and much cheaper in the long run) solution to get professional help for their cybersecurity. “Managing these services in the right way is often a challenge for IT units in organizations, so we are ready to provide the necessary technical experts to do it for them so that companies make the most of their internal resources in the direction of business projects,” added Sergey.
Neterra has built several features, including a DDoS protection system for its data centers. This way, all its services have a professional level of security in place for all customers. Cloudware, for example, offers DDoS protection even for its dedicated servers.
NetIX also has increased focus on security. Recently the company announced a new partnership with NBIP/NaWas for detection and mitigation of DDoS traffic. Thanks to this partnership, both entities can provide better service and experience for their users. This way even smaller Internet Service Providers have access to top tier security.
And it also shows another vital step for proper cybersecurity – partnerships. No one company can solve these issues. Everyone has different experiences and ideas which often complement each other. There are even shared security systems and special algorithms which can take the data and experience from one cyberattack and then apply the needed measures in real time across partnering networks, improving their overall security while the attack is under way but has not yet reached all possible targets.
Experts also agree on one specific action for all cyber victims: do not pay the ransom demanded. Michael Kaczmarek from Neustar told ITProPortal that around 60% of businesses consider paying in the event of an attack. A lot of them hope that this way they can return to normal work with minimal damage. Often, though, hackers will simply continue to come back for more. Plus, it motivates hackers to get even more demanding and increases the risk to the company, as it will now be targeted even more often, even if it adds better security afterwards. So, it’s better to invest the money in backups and proper security in the first place, to minimize the risk of major breaches.