The State of DDoS Attacks in 2017

Twice each year, Neustar publishes a Global DDoS Attacks and Cyber Security Insights Report, highlighting developments on the risks, tempo and impact of distributed denial of service (DDoS) attacks. The report is the result of months of research aimed at understanding the evolving threat landscape. Our latest data shows that successful attacks are increasing, and attackers stand to gain an ever-more lucrative bounty with each breach.

While there have been a number of headline-making breaches this year, we’ve not yet seen a massive, Mirai-type of attack. Despite the absence of a large-scale volumetric strike, we found that attackers are actually quite proficient at achieving higher breach rates while using fewer DDoS attacks. It’s critical that IT professionals responsible for protecting their organizations’ infrastructures keep their guard up.

When comparing three-year trend of DDoS attack rates to the level of level of breaches that have taken place, we see that attackers are becoming both more resourceful and more strategic.
 

 

According to the report, nine out of 10 organizations acknowledged some form of breach or associated activity with DDoS attacks. In fact, the report calls out that companies reported a breach ratio of 219 percent.

When examining the alarming number of breaches, it comes as no surprise that DDoS detection and responding times are slipping.  

The report shows that over the same three-year period of time, the number of companies that require a minimum of three hours to detect a DDoS attack has grown from 38 percent in 2015 to 46 percent in 2017. If it takes the average company three hours to simply detect that they’re under attack, then attackers have more than enough time to implant malware, ransomware, or exfiltrate sensitive information.

 

 

While it is troubling that 46 percent of organizations require a minimum of three hours to merely detect an attack, the good news is that companies are realizing they must invest heavily in their DDoS defenses, and that DDoS mitigation alone is not enough.

Nowhere is this better illustrated than in the rapid adoption of web application firewalls (WAF). The rise of layer 7 attacks is proof positive that attackers have done the reconnaissance work, and found a vulnerability that they’ve been able to exploit. As attackers continue to widen the vectors and the threat landscape, it’s imperative that companies take a layered approach to safeguard their interests and cover each and every base.

Our research shows an exponential increase in layer 7 protections over the past 12 months. Organizations that have added WAF to combat DDoS has nearly tripled in the past seven months and more than quadrupled from this time last year.

 

 

The report also highlights the importance of organizational self-awareness. As companies undergo digital transformations and incorporate public and private cloud elements into their operations, their risk of attack widens. Attackers are opportunistic; they understand that when it comes to breaching defenses, they just need to be good enough.

As we look forward, it will be important for every organization with a digital presence to understand that the DDoS landscape is extremely fluid, and that what worked yesterday isn’t guaranteed to work tomorrow. Traditional DDoS protection approaches aren’t always going to be enough.

To learn more about how organizations like yours are adjusting their defensive strategies with the changing DDoS threat landscape, download the Global DDoS Attacks and Cyber Security Insights Report now.