Even though the number of DDoS attacks decreased over 2019, their complexity and size increased significantly, according to new research from the National Scrubbing Center against DDoS attacks.
Distributed Denial of Service (DDoS), where the perpetrator seeks to disrupt a targeted IT infrastructure, is a leading cause of business disruption today. This extends to critical infrastructures like power plants, healthcare facilities, education institutions and government entities.
New research from NaWas by NBIP reveals that DDoS attacks in 2019 became much bigger and more complex that in 2018. This, even though the number of attacks fell slightly.
The reasons behind a DDoS attack vary. State-sponsored campaigns may seek to disrupt critical infrastructures in rival states. Profit-oriented attackers may demand ransom to free up systems. Examples abound. But whatever the reason, the outcome is typically very disruptive and expensive for the victim.
On average, downtime can cost a company up to $67 million over two years. In the case of small and medium businesses (SMBs) struggling with cybersecurity, downtime costs can climb up to $50,000 per hour.
Octavia de Weerdt, managing director of NBIP, reveals in a new report that the largest attack recorded by NBIP last year stood at 124 Gbps, while the most complex strike used as many as 30 different methods (i.e. 30 attack vectors) in a single attack.
“In 2018, the largest attack we saw was 68 Gbps, while the maximum number of vectors was 12. These are big differences for which we unfortunately can’t give an immediate explanation,” de Weerdt remarked.
The NBIP has been publishing data on DDoS attacks since 2017, a year that saw no attacks of 40 Gbps or more. By contrast, 2019 saw no attacks of less than 40 Gbps in the top 10 largest DDoS attacks. And in the first quarter of 2020, the not-for-profit already observed a DDoS attack of 140 Gbps.
“There is a continuous arms race regarding DDoS attacks,” said De Weerdt. “Attackers try to find new vulnerabilities and methods to carry out a successful attack. Organizations that are victims of DDoS attacks meanwhile try to adapt their mitigation capabilities accordingly. This arms race will not end for the time being.”