In a sea of cybersecurity threats, a monster tsunami of Distributed Denial of Service (DDoS) attacks is cresting and threatens to swamp companies and consumers alike.
A study released today by cybersecurity firm Neustar Security confirmed the fears of executives and IT professionals: DDoS attacks are rapidly becoming more powerful and more copious.
Barrett Lyon, the firm’s head of research and development, cast doubt on the cyber-preparedness of SMBs and enterprise companies. “DDoS attacks are the zeitgeist of today’s internet,” Lyon said. “The question organizations must ask now is how they are prepared to manage these highly disruptive events.”
SEE: How risk analytics can help your organization plug security holes (Tech Pro Research)
The question is particularly germane, given the results of the report. To learn how DDoS attacks impact organizations, Neustar partnered with Harris Interactive Neustar to conduct a global survey of 1,010 IT managers, CISOs, CTOs, and other technical executives and directors. Half of the organizations in the study reported annual revenues ranging from $500 million to $1 billion in multiple industry verticals, including financial services, healthcare, energy, retail, and technology.
Denial of Service attacks, the survey respondents said, are attacks growing in volume and intensity. 45% of DDoS hacks exceeded 10 gigabits per second (Gbps), and 15% were at least 50 Gbps. This is double the number reported a year ago. 86% of attacked organizations were hit on multiple occasions, and 40% of those organizations report DDoS attacks on downstream clients, up nearly 30% from 2016.
“The [first quarter] attack data,” a company spokesperson said, “highlights a number of key indicators that foreshadow this year will be another challenging one from a DDoS threat landscape perspective.”
SEE: Cybersecurity in 2017: A roundup of predictions (Tech Pro Research)
The ramifications for business are significant and often have a real-dollar figure attached. 43 percent of attacked organizations report an average revenue loss of $250,000 per hour. On average, the study said, it takes enterprise organizations three hours to discover a DDoS attack and an additional three hours to mitigate the inbound data barrage.
In a disturbing trend, the Neustar study found DDoS attacks are often coupled with other cyberattacks, like ransomware. “The instances of ransomware reported in concert with DDoS attacks increased 53 percent since 2016,” the report said. “51 percent of attacks involved some sort of loss or theft with a 38 percent increase year over year in customer data, financial and intellectual property thefts.”
Generic Routing Encapsulation-based (GRE) flooding and Connectionless Lightweight Directory Access Protocol (CLDAP) have emerged as 2017’s hot attack trends, according to the report, legitimizing the fear that attacks are becoming more complex. “Multi-vector attacks have become the nearly universal experience for Neustar mitigation operations,” Neustar said, “demonstrating that attackers continue to launch more sophisticated attacks to penetrate organizations defenses.”
SEE: Electronic data retention policy (Tech Pro Research)
Alarmingly, current cyber-solutions are not enough to mitigate the rising tide of hacks. 99% of organizations in the report have DDoS mitigation policies and software in place, but 90% of organizations indicated the protections weren’t sufficient and are investing more than they did in Q1 2016.
The world generates about 2.5 quadrillion bits of data, Neustar said, and data itself can be weaponized. “Neustar isolates certain elements and analyzes, simplifies, and edits them to make precise and valuable decisions that drive results,” the company spokesperson said. “We know when someone isn’t who they claim to be, which helps stop fraud and denial of service before they’re a problem.”
Source: SANS ISC SecNewsFeed @ May 2, 2017 at 09:09AM