According to the latest DDos Trends and Analysis report from Corero Network Security (OTC:$CRREF), organizations experienced an average of 237 DDoS attacks per month during 2017’s Q3. This is equal to 8 DDoS attack attempts every day. The hackers are attempting either to take the organizations offline or to steal sensitive data.
Based on DDoS attack attempts against Corero customers, there has been a 35% increase in monthly attack attempts compared to 2017’s Q2, and compared to Q1, there has been a 91% increase in monthly attack attempts.
Corero believes this increase in frequency is due to the growing availability of DDoS-for-hire services, as well as to the proliferation of unsecured Internet of Things (IoT) devices. As an example, the “Reaper” botnet has already infected thousands of devices and is able to utilize known security flaws in the code of those insecure machines. “Reaper” hacks into IoT devices and then hunts for new devices to infect, thus spreading itself further.
CEO of Corero, Ashley Stephenson, said, “The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100. Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device. Cybercriminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”
Sophisticated multi-vector attacks
Corero data reveals that hackers are also using sophisticated, quick-fire, multi-vector attacks against an organization’s security. One-fifth of the DDoS attack attempts recorded in 2017’s Q2 used multiple attack vectors. These type of attacks use several different techniques so that at least one, if not more, can then penetrate the target network’s security defenses.
Ashley Stephenson has also said, “Despite the industry fascination with large-scale, Internet-crippling DDoS attacks, the reality is that they don’t represent the biggest threat posed by DDoS attacks today. Cybercriminals have evolved their techniques from simple volumetric attacks to sophisticated multi-vector DDoS attacks. Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber-attacks, and organisations that miss them do so at their peril.
“The only way to keep up with these increasingly sophisticated, frequent and low volume attacks is to maintain comprehensive visibility and automated mitigation capabilities across a network so that even everyday DDoS attacks can be instantly detected and blocked as they occur and before they cause damage.”
Ransom Denial of Service
It appears that Ransom Denial of Service, RDoS, has made a return in 2017’s Q3. The hacker group, Phantom Squad, started a wave of ransom DDoS threats in September, targeting companies throughout the US, Europe, and Asia and spanning from banking and financial institutions to hosting providers, online gaming services, and SaaS organizations. The extortion campaign threatened to launch attacks on 30 September unless a Bitcoin payment was made.
“Ransom is one of the oldest tricks in the cyber criminal’s book, and with cryptocurrency, is an anonymous way for them to turn a profit. As IoT botnets continue to rise, we may soon see hackers put on more dramatic RDoS displays to demonstrate the strength of their cyber firepower, so that their future demands for ransom will have to be taken more seriously. Paying the ransom is rarely the best defence, as it just encourages these demands to spread like wildfire. It is proven that with proper protection in place to automatically eliminate the DDoS threat, organizations will be in a much stronger position,” states Ashley Stephenson.
For access to the complete Corero DDoS Trends report, download it at http://info.corero.com/DDoS-Trends-Report.html.
About Corero Network Security
Corero Network Security is the leader in real-time, high-performance DDoS defense solutions. Corero’s award-winning technology eliminates the DDoS threat to companies’ environment through automatic attack detection and mitigation, and a complete network visibility, analytics, and reporting. This industry-leading technology provides cost-effective, scalable protection capabilities against DDoS attacks in the most complex environments while enabling a more cost-effective economic model than those previously available. For more information, visit www.corero.com.
Featured Image: facebook