Businesses face an average of 3.9 distributed denial-of-service (DDoS) attacks a day, with 96 per cent of attacks lasting for less than half an hour.
According to the inaugural quarterly DDoS trends and analysis report from Corero Network Security, short bursts of attack traffic instead of prolonged events and partial link saturation attacks have become more common. The report, based on real customer data, said that one customer in particular experienced an average of 12 attacks per day across its multi-data centre environment during the three-month time period.
Speaking to IT Security Guru, Dave Larson, CTO and vice president, product at Corero Network Security, said that the figures are based on customer reports: some customers are attacked once a week and some not at all, but they are uncommon, and a high percentage are attacked daily, if not constantly.
He said: “During a DDoS, everything is spoofed and hidden and it is hard to find the attacker. In almost all cases a DDoS is about not denying services, and in some cases we see DDoS used as a smoke screen to do other things, such as degrading the firewall and forcing the intrusion prevention system into fallback mode.”
Another key finding of the report was that 96 per cent of attacks last for only 30 minutes, which Larson said was clever as the process of moving the traffic over to scrubbing can take up to 30 minutes, by which time the attack has ended but soon after another attack can begin.
“In five minutes you can send millions of malicious packets that will saturate the logs,” he said. “As the tools are distributed, it is hard to run reconnaissance on the network to determine what to do.” Larson said that it can often take an analyst 90 minutes to deal with a five-minute attack, but five minutes is enough time to exploit a vulnerability in SSL or place an APT on the network.
Additionally, 79 per cent of DDoS attack attempts targeting Corero’s customers between October 1st and December 31st, 2014 were less than 5Gbps in peak bandwidth utilisation. Larson said that in the five-minute log saturation attack, if you look at logs you will see “five minutes of garbage!”
Larson said: “As our customers’ experiences indicate, the regularity of these attacks simply highlights that there is a growing need for protection that will properly defeat DDoS attacks at the network edge, and ensure the accessibility required for the Internet connected business, or the internet providers themselves.
“Just because you are not experiencing a DDoS now, it doesn’t mean it is not a problem for you.”