DDoS Attacks Growing Ever-More Sophisticated and Efficient

With today’s DDoS service-for-hire community, virtually anyone can launch an attack, says recent NETSCOUT report.

DDoS Attacks Growing Ever-More Sophisticated and Efficient

By David Pitlik

The worldwide scourge of cyberthreats continues to grow. Forbes recently reported there were 2,216 data breaches and more than 53,000 cybersecurity incidents in 65 countries during the 12 months ending in March 2018.

Among those threats, distributed denial of service (DDoS) attacks remain some of the most prevalent. According to NETSCOUT’s Threat Intelligence Report, Dawn of the Terrorbit Era, DDoS attacks were up 26% in the second half of 2018 compared with the same time period in 2017. And these attacks are only getting bigger and bolder:

  • Attacks in the 100­­–200 Gbps range were up 169%
  • Attacks in the 200–300 Gbps range were up 2,500%
  • Attacks in the 300–400 Gbps range were up 3,600%

The global maximum DDoS attack size grew by 19% year over year in the last six months of 2018. In fact, the largest DDoS attack on record—a massive 1.7 Tbps—occurred early last year.

“The truth of the matter is that these very large attacks are really more about garnering publicity than anything else,” explained Steinthor Bjarnason, principal engineer at NETSCOUT. “Any DDoS attack over one gig is more than sufficient to take out a server that is not adequately defended. And increasingly, what we are seeing is DDoS attacks being used as a diversionary tactic. Cybercriminals will frequently launch a DDoS attack to distract and overwhelm security professionals, while at the same time launching a more targeted application-level or state-exhaustion attack that flies under the radar. And because the attackers are changing servers every five minutes, it becomes very difficult to detect and defend against such complex and evasive tactics.”

These kinds of multilevel tactics are also being employed by state-run advanced persistent threat (APT) group actors as part of more-sophisticated attacks aimed at disrupting critical infrastructure, creating political or economic turmoil, or stealing sensitive IP. 

The Commodization of DDoS Attacks

DDoS attacks continue to be a foundational element of the threat landscape. And as is the case with other threat vectors, DDoS tools have become increasingly commoditized. A highly businesslike DDoS service-for-hire community today makes it possible for virtually anyone to launch an attack. “The problem is that attack tools are readily available to anyone who has access to bit currency,” added Bjarnason. “A cottage industry has emerged that is very sophisticated and efficient at monetizing malicious attacks, making weapons of extreme high impact available to anyone with bad intent.”

The good news in all of this is that strides continue to be made in fighting back against these cybercriminals. International crime-fighting agencies have worked closely with law enforcement around the world to take down DDoS-for-hire services. And private sector information security professionals, such as NETSCOUT’s ASERT team, are playing an increasingly important role as they collaborate to increase awareness and disseminate effective new methods for mitigating threats and fighting cybercrime.

Download NETSCOUT’s Threat Intelligence Report, Dawn of the Terrorbit Era here

David Pitlik is a long-time technology and business writer and frequent contributor to NETSCOUT’s blog.