This report summarizes research on distributed denial of service (DDoS) attacks, focusing on trends and developments observed in 2018. Increasingly sophisticated DDoS attacks have become an inevitable part of the cybersecurity landscape, threatening enterprise networks, Communication Service Providers (CSPs), and their customers. As complex new challenges arise, more and more organizations are seeing the need to fortify their security posture.
DDoS attacks have increased in sophistication and intensity, threatening the availability of enterprise services, applications, websites, and networks.
Most survey respondents (86%) report experiencing at least one DDoS attack in the past 12 months.
SIZE AND MAGNITUDE HAVE GROWN SIGNIFICANTLY
Attack types are increasing in breadth and depth.
In 2018, 49% of survey respondents reported an average DDoS attack size of greater than 50 Gbps, while only 10% reported the same in 2015. The research shows that attack types are increasing in breadth and depth, distributed across multiple areas of IT infrastructure in nearly equal proportions.
MULTIPLE DATA CENTERS: A TARGET-RICH ENVIRONMENT
Once attackers have identified a good target, they are apt to continue probing other data centers in the same “family.” Consequently, the more data centers an organization operates, the greater its likelihood of being attacked.
Attacks are launched for a variety of reasons. Some are just the result of random opportunism — thrill-seeking attackers. In some cases, state-sponsored actors seek to disrupt operations of foreign adversaries or business competitors. Others are driven by activists looking to raise awareness for a “pet” cause, be it social or political. And some attacks are used as a cover for more malicious, intrusive hacks. Whatever the reason, organizations with more than five data centers are more frequently targeted, and the average attack size is considerably larger.
Attackers exploit multiple vectors to launch their DDoS attacks.
As in our previous survey, UDP Flood (including DNS Amplification) was the attack vector most frequently leveraged against respondents’ organizations in the past 12 months. While the overall mix of vectors remains relatively stable, the scale increased dramatically with all categories up significantly from the last survey.
MEASURING THE IMPACT OF DOWNTIME
The average downtime per attack grows as the number of DDoS attacks increases, indicating inefficient mitigation processes. While respondents cite a number of factors by which they gauge the impact, the top response is Time to Service Restoration.
What accounts for the difference? It depends on who’s responding. Whereas CSOs may see service restoration time as the most important metric, CIOs will see order-processing uptime as critical. CEOs are apt to be more concerned about hits to a company’s reputation seen in the press. Business priorities vary by organization, and by the teams within them. One may see customer satisfaction as the primary goal and keeping the back office up and running as secondary. DDoS mitigation strategies should be subjected to rigorous reviews against changing business priorities and the evolving nature of threats to ensure they continue to meet business objectives.
OBSTACLES TO ACHIEVING BETTER PROTECTION
Despite the positive reviews for current DDoS solutions, respondents do report limitations. In the current survey, keeping up with the complex array of attack types is identified as the number one barrier to greater DDoS protection.
Respondents at organizations with a planned budget increase to address multi-vector DDoS threats are more likely to cite the cost of detection and mitigation solutions as a barrier (52% vs. 33% among all others).
PROVIDING EFFECTIVE PROTECTION IS AN ONGOING CHALLENGE
In the current survey, keeping up with evolving and ever-proliferating attack types and methods is identified as the key challenge to implementing more effective DDoS protection. The increasing complexity of attacks, coupled with increasingly complex, hybrid infrastructures, makes the cyber-threat landscape more opaque than ever before. As in 2017, usage cost continues to be an important consideration. All in all, the challenges have become less daunting on a year-over-year basis, pointing to the increased efficacy and ease-of-use of DDoS solutions.
WHO’S RESPONSIBLE FOR DDoS PREVENTION?
More than half (55%) of survey respondents offer hosted services to third parties, and two-thirds of those offer DDoS prevention services. Most respondents believe that service providers hold at least equal responsibility for DDoS prevention when applications are deployed via cloud service providers, while one-half (50%) believe service providers bear the main responsibility.
The evolution of DDoS methods suggests that CSPs need to enhance their security posture and find better ways to protect critical infrastructure and their tenants. The continued discovery of new attack patterns should also prompt enterprises to seek DDoS-proof service providers. The advent of 5G is forecast to drive exponential growth in connected IoT devices, dramatically expanding attacks via DDoS botnets. Analysts predict that DDoS will go hyper-scale with 5G. To protect their networks and customers from these rapidly growing threats, mobile service providers will need to leverage sophisticated DDoS threat intelligence and advanced, automated detection and mitigation solutions.
The IDG Connect research survey was conducted on behalf of A10 Networks in order to analyze the cybersecurity landscape, especially as it pertains to DDoS threats across select industries. Via an online questionnaire, 200+ respondents from the US and UK were queried at organizations averaging 6,316 employees. 35% were software, computer services, telecommunications, and engineering organizations.