A 91 per cent increase is recorded in DDoS activity as criminals seize on unsecured IoT devices to launch attacks, according to Corero.
Businesses are facing a surge in DDoS attacks with the number of episodes almost doubling over the last year, according to figures released by Corero.
The IT security company claims that organizations encountered an average of 237 DDoS attack attempts per month during the third quarter of 2017 – equivalent to eight DDoS attack attempts every day.
The data, based on DDoS attack attempts against Corero customers, represents a 35 per cent increase in monthly attack attempts compared to the previous quarter (Q2 2017).
It said the increase in frequency is because of the growing availability of DDoS-for-hire services, and the proliferation of unsecured IoT devices.
Ashley Stephenson, CEO at Corero, said that the growing availability of DDoS-for-hire services is causing an “explosion of attacks, and puts anyone and everyone into the crosshairs”.
Low barrier to entry
“These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100,” he said.
“Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device. Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”
According to the company’s latest DDoS Trends and Analysis report, hackers are using sophisticated, quick-fire, multi-vector attacks against organizational security. It said that a fifth of the DDoS attack attempts recorded during the second quarter of 2017 used multiple attack vectors. These attacks utilize several techniques in the hope that one, or the combination of a few, can penetrate the target network’s security defences.
“Despite the industry fascination with large scale, internet-crippling DDoS attacks,” said Stephenson, “the reality is that they don’t represent the biggest threat posed by DDoS attacks today.”
“Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber attacks, and organisations that miss them do so at their peril.”