Organizations during the third quarter experienced on average 237 DDoS attack attempts each month, equivalent to eight DDoS attack attempts each day.
This figure represents a 35% increase in monthly attempts compared to just the previous quarter. These shocking findings come from the latest DDoS Trends and Analysis Report from Corero Network Security. They claim the rate of DDoS attacks is being spurred by the growing availability of DDoS-for-hire services and the explosion of unsecured Internet of Things (IoT) devices.
These weak IoT devices are infected by botnets, like for example the Reaper botnet, which has already infected thousands of devices and is believed to be dangerous because it’s able to utilize security flaws in the code of these unsecured machines. Similar to a computer worm, the botnet hacks into IoT devices and then hunts for new devices to infect in order to spread itself further.
Ashley Stephenson, CEO at Corero claims, “The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100. Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device. Cyber-criminals try to harness more and more internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create internet chaos and dire results for target victims.”
Corero data also found that hackers are executing sophisticated, quick-fire, multi-vector attacks against organizations security. Stephenson added, “Cyber-criminals have evolved their techniques from simple volumetric attacks to sophisticated multi-vector DDoS attacks. Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber-attacks, and organizations that miss them do so at their peril.”
Read the article on InfoSecurity Magazine