Distributed denial-of-service attacks continue to be popular among hackers, a situation that could open doors for channel partners with the appropriate expertise.
In the first quarter of 2017, the number of DDoS attacks swelled by 380% year over year, with some taking up hundreds of Gbps of bandwidth, according to a DDoS report from Nexusguard, a security solution supplier to managed security services providers and other customers. "Hackers continue to rely on DDoS attacks because they are effective," said Donny Chong, product director at Nexusguard.
Other recent reports also point to an intensification of DDoS activity. Earlier this year, Deloitte Global, a consulting and advisory firm, predicted DDoS attacks would become "larger in scale" and "harder to mitigate" in 2017. And in May, Neustar Inc., a real-time information services provider, issued a report highlighting a growing connection between DDoS and ransomware attacks. According to the report, ransomware cases reported in conjunction with DDoS attacks have increased 53% since 2016.
In a DDoS attack, hackers use botnets to bombard a website or network connection to temporarily, indefinitely, or permanently interrupt an organization's internet services and disrupt the business. The attacks continue until the hacker stops or internet service providers identify the source and block the incoming traffic.
A differing profile
These attacks occur for a variety of reasons, according to Ron Culler, CTO at Secure Designs Inc., a managed security services provider based in Greensboro, N.C. In some cases, individuals or special interest groups use them to make political statements. For instance, in June, Al Jazeera, a news network based in Qatar, was targeted by DDoS assaults affecting its internal systems as well as the ability of users to reach the network's website. Other possible reasons for a DDoS attack include a disgruntled ex-employee retaliating for getting fired or an angry consumer seeking payback for a perceived wrong.
Creating an attack has become fairly simple. The bad guys have created DDoS-as-a-service solutions, so malcontents can rent them for as little as $100 per week, according to Michelle Drolet, CEO at Towerwall, an IT security services company based in Framingham, Mass.
A dynamic landscape
Nexusguard found that the attack profile has been changing in a couple of ways. Hackers are taking fewer holidays: major attacks recently took place during Valentine's Day and over the Chinese New Year, which had not occurred in the past.
Fierce attacks (those that pepper sites with 10 Gbps or more of data) now occur regularly. The percentage of days with such attacks grew significantly: from 48.39% in January to 64.29% in March, according to the Nexusguard DDoS report. Some attacks have become ginormous: hackers combined two different disruptions so one enterprise found itself fending off more than 500 Gbps of malware, according to Towerwall's Drolet.
In addition, the attacks are becoming more sophisticated. Most (93.75%) of the attacks occurred in a varied pattern, where hackers mix the volume and type of attack, making them more difficult to thwart, the Nexusguard DDoS report stated. Such attacks require multi-layered defense mechanisms, which are costly and too complex for some enterprises.
Opportunities for partners
The bad news for corporations presents channel partners with opportunities. Businesses need help understanding how serious these threats are and what security tools can help them. For its part, Nexusguard offers three cloud services to ward off DDoS attacks: one for application-level attacks, a second for the networking layer, and a third to protect against domain name service attacks.
Moving forward, corporations are expected to continue struggling to ward off DDoS threats. The good guys and the hackers have been engaged in a game of technology leapfrog, and the bad guys have upped their game significantly since the start of the year.
Additional reporting by John Moore