DDoS attacks cost organizations on average more than $2.5 million in revenue

Volumetric DDoS attacks are getting larger. 45 percent of the DDoS attacks had a capacity of more than 10 gigabits per second (Gbps), while 15 percent of the attacks were at least 50 Gbps. This is almost double the number reported last year, according to the Neustar May 2017 Worldwide DDoS Attacks and Cyber Insights Research Report. 

“Distributed Denial of Service (DDoS) attacks are the zeitgeist of today's Internet,” said Barrett Lyon, pioneer of the DDoS defense industry and Head of Research and Development at Neustar Security Solutions. “The question organizations must ask now is how they are prepared to manage these highly disruptive events. Are they prepared for the bad day where their customers call and ask why the website is down?”

DDoS attack trends
Volumetric attacks getting larger. 45 percent of DDoS attacks were more than 10 gigabits per second (Gbps). 15 percent of attacks were at least 50 Gbps, almost double the number reported last year. 849 out of 1,010 organizations were attacked with no particular industry spared, an increase of 15 percent since 2016. 727 – 86% of those attacked – were hit more than once. 40 percent of respondents reported receiving attack alerts from customers, up from 29 percent in 2016.  

Business Implication Trends
It’s a game of risk, according to Neustar. 43 percent of the organizations report an average revenue loss of at least $250,000 per hour caused by a DDoS attack. 51 percent needs at least three hours to detect an attack and 40 percent needs at least three hours to respond. The instances of ransomware reported in concert with DDoS attacks increased 53 percent since 2016. 51 percent of attacks involved some sort of loss or theft with a 38 percent increase year over year in customer data, financial and intellectual property thefts.

99 percent of organizations have some sort of DDoS protection in place. Yet 90 percent of organizations are investing more than they did a year ago and 36 percent think they should be investing even more. 

Challenging year from a DDoS threat landscape perspective
Although Q4 is generally considered “DDoS season”, the Neustar Q1 attack data captured from the Neustar DDoS Security Operations Center highlights a number of key indicators that foreshadow this year will be another challenging one from a DDoS threat landscape perspective.

The year is off to a fast start. Q1 is generally considered “pre-season”, but Neustar is already reporting significant increases in average attack size and variety of attack vectors. Attackers are constantly seeking new ways to turn legitimate infrastructure elements against their owners. Generic Routing Encapsulation (GRE) based flood attacks and Connectionless Lightweight Directory Access Protocol (CLDAP) reflection attacks are emerging as the new hot attack trends for 2017. Multi-vector attacks have become the nearly universal experience for Neustar mitigation operations, demonstrating that attackers continue to launch more sophisticated attacks to penetrate organizations defenses.

Report
Download Neustar’s Worldwide DDoS Attacks and Cyber Insights Research Report at ddosdefense.neustar.

0
Your rating: None

Post new comment

  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <br><p>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Recent comments
  • Wouter Hoeffnagel
    National Management & IT Symposium: creating order in complex problems
    .
  • Alejandro Debenedet
    Video ITWNET Round Table: ‘Digital sandbox makes innovation possible’
  • Maryann Farrugia
    Two-fifths of IT professionals consider IT organization ready for digital business
  • Alejandro Debenedet
    UK Government websites fail to meet plain English guidelines
  • warren wilkins
    Is my ITIL V2 Service Master certification garbage now?