DDoS attacks: $100,000 per hour is at risk during peak revenue generation periods

Neustar and Harris Interactive conducted global, independent research of 1,010 directors, managers, CISOs, CSOs, CTOs, and other c-suite executives to find out how DDoS attacks affect their organizations and what measures are in place to counter these threats. The respondents span many industries, including technology, financial services, retail, healthcare and energy.

“DDoS attacks are the zeitgeist of today’s Internet,” said Barrett Lyon, pioneer of the DDoS defense industry and Head of Research and Development at Neustar Security Solutions. “The question organizations must ask now is how they are prepared to manage these highly disruptive events. Are they prepared for the bad day where their customers call and ask why the website is down?”

DDoS attack trends

Volumetric attacks getting larger – 45 percent of DDoS attacks were more than 10 gigabits per second (Gbps). 15 percent of attacks were at least 50 Gbps, almost double the number reported last year.

Nowhere to hide – 849 out of 1,010 organizations were attacked with no particular industry spared, an increase of 15 percent since 2016. 727 – 86% of those attacked – were hit more than once.

Customers take on DDoS monitoring – 40 percent of respondents reported receiving attack alerts from customers, up from 29 percent in 2016.

Business implication trends

It’s a game of risk – 43 percent of organizations report average revenue loss of at least $250,000 per hour, with 51 percent taking at least three hours to detect an attack and 40 percent taking at least three hours to respond.

It’s a race against crime, rise in ransomware – The instances of ransomware reported in concert with DDoS attacks increased 53 percent since 2016. 51 percent of attacks involved some sort of loss or theft with a 38 percent increase year over year in customer data, financial and intellectual property thefts.

What’s in place is not enough – 99 percent of organizations have some sort of DDoS protection in place, yet 90 percent of organizations are investing more than they did a year ago and 36 percent think they should be investing even more.

DDoS season

Although Q4 is generally considered “DDoS season”, the attack data captured by Neustar highlights a number of key indicators that foreshadow this year will be another challenging one from a DDoS threat landscape perspective.

The year is off to a fast start – Q1 is generally considered “pre-season,” but Neustar is already seeing significant increases in average attack size and variety of attack vectors.

Emergence of new attack vectors – Attackers are constantly seeking new ways to turn legitimate infrastructure elements against their owners. Generic Routing Encapsulation (GRE) based flood attacks and Connectionless Lightweight Directory Access Protocol (CLDAP) reflection attacks are emerging as the new hot attack trends for 2017.

Attacks continue to get more complex – Multi-vector attacks have become the nearly universal experience for Neustar mitigation operations, demonstrating that attackers continue to launch more sophisticated attacks to penetrate organizations defenses.