Why DDoS Attacks are on the Rise

Attacks are growing in size, and “everyone has a target on their back.”

Maria Korolov

September 27, 2017

3 Min Read
Network cables and routers at a Comcast distribution center, 2014
Joe Raedle/Getty Images

Distributed denial of services attacks are becoming big business. Once the domain of bored teenagers engaging in some wanton cybervandalism, they're now a favorite tool of career cybercriminals, hacktivists, and even nation states.

The numbers are clear. DDoS attacks are getting bigger and more damaging.

According to A10 Networks, only 10 percent of 2015 attacks exceeded 50 gigabits per second in size. This year, it's up to 42 percent.

The maximum size of attacks is also on the rise.

According to Deloitte Global, the largest attacks in 2013 were 300 gigabits per second. In 2014, 400 gigabits. In 2015, 500 gigabits. Then, last year, there was a big jump -- two attacks passed the 1-terabit-per-second threshold.

Ready-to-go DDoS kits and online DDoS-as-a-service platforms are making it easier than ever for attackers to get into the DDoS business. The growth of the Internet of Things is making millions of poorly secured devices available to be roped into botnets. And the decline of formerly-profitable businesses like spam is forcing botnet operators to looks for new revenue opportunities.

It's a perfect storm.

An Explosion of New Devices

Security cameras, printers, television sets, refrigerators -- more and more devices are getting connected to the internet, and security is often an afterthought.

Related:Ransomware Grows Up, Goes After Data Centers

"Most off-the-shelf devices are using standard kernels that are easy to hack into," said Tony Kourlas, director of product marketing for Nokia’s Carrier SDN technology. "And most are using default passwords."

That makes millions and millions of devices ripe for takeovers, he said.

"The proliferation of cheap and powerful devices makes it easier than ever to build large botnets that go unnoticed by their owners," said Chet Wisniewski, principal research scientist at Sophos. "Our PCs, phones, and IoT devices are all so powerful that when commandeered by a criminal, we don't even notice them slow down or use more internet bandwidth. This allows for the slow building of incredibly large botnets that are never remediated."

Meanwhile, he added, the rise of underground marketplaces and Bitcoin-based money laundering services is making cybercrime very profitable.

Unintended Consequences

One type of cybercrime that's not seeing an increase is that of spam botnets, but it's not all good news.

Our spam filters have been getting better and better, said Matthew Prince, CEO at Cloudflare.

"I can't remember the last time I got a solicitation for Viagra in my email," he said. "And it was just a fact of life a few years ago."

Related:Cloudflare Stops Charging More for Bigger DDoS Attacks

That's a good thing for those of us who use email.

But for spammers, it means their botnets have to send out more and more spam for lower and lower return. To compensate, some switch to more lucrative payloads. Instead of offering discount drugs, they now deliver ransomware, he said.

"Clickfraud in advertising networks has definitely gone up," he added.

And another option is to use those same botnets to power DDoS attacks, Prince said.

More Botnets, More Victims

With bigger botnets, cybercriminals don't just increase the size of the attacks but also go after a wider array of targets. 

In a recent survey of 200 IT managers and executives by IDG Connect and A10, every single respondent said that they had experienced a DDoS attack.

"A very wide spread of organizations are being hit, of all different sizes," said Rich Groves, director of research and development at A10.

Companies can also fall victims of DDoS attack without being directly targeted.

One high-profile example was the DDoS attack against the big DNS provider Dyn last fall, said Al Sargent, senior director of product at OneLogin.

"Hackers are targeting DNS providers," he said. That means a single attack can bring down many different websites. In the case of the Dyn attack, that included Spotify, Twitter, Reddit, and The New York Times, among others.

"Anyone who relies on the availability of their website or servers to conduct business is a valid target for DDoS attacks," said Wisniewski. "Everyone is a target. Many years ago it was only casinos and pornography purveyors who were targeted, but today everyone has a target on their back."

About the Author(s)

Maria Korolov

Maria Korolov is an award-winning technology journalist who covers cybersecurity, AI, and extended reality. She also writes science fiction.


Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like