DDoS attacks are up -- and getting more sophisticated
Yes, I know, on Tuesday we reported on a study showing that DDoS attacks were down in frequency, though increasing in severity. But another report from Corero Network Security now suggests that they've actually increased in numbers.
Measuring the number of DDoS attacks is beginning to look like asking how long a piece of string is. Anyway, Corero says that attacks are up, with its customers experiencing 3.9 attack attempts per day.
It also finds that they're getting more sophisticated in an effort to evade security measures. Corero’s data points to two new trends in DDoS attacks: short bursts of attack traffic instead of prolonged events, and partial link saturation attacks rather than complete flooding of the network. Around 96 percent of attacks targeting Corero’s SmartWall Threat Defense System lasted for 30 minutes or less.
Also, 79 percent of the DDoS attack attempts targeting the company’s customers between October 1 and December 31, 2014 were less than 5Gbps in peak bandwidth utilization. These attacks were intended to partially saturate the Internet link and distract corporate security teams, but leave enough bandwidth available for a subsequent attack to infiltrate the victim’s network.
Corero's full report is available to download from the company's website.
As to why these findings differ from those of Black Lotus, we asked Corero Network Security's CTO, Dave Larson. "Corero’s findings are different from other vendor-driven analyses of the DDoS landscape, primarily due to the deployment and positioning of DDoS mitigation appliances in customers' networks," Larson says. "Corero’s SmartWall Threat Defense System (TDS) is deployed at the very edge of the customer network or at the Internet peering points as a first line of defense – inspecting and mitigating all the traffic from the Internet in real time before attacks can impact the customer environment. Cloud-based anti-DDoS solutions only have insight into the attack traffic that is re-routed to them for scrubbing, well after an attack has permeated the network, so their data only represents that traffic. While those reports offer very interesting data points about large-scale DDoS attacks, that is only a fraction of the DDoS traffic an organization faces on a daily basis. With its position on the front lines of an organization’s network, Corero has a complete view of the DDoS attacks targeting corporate networks -- whether they’re high volume attacks or sub-saturating events".
So there you have it: how bad the DDoS problem is depends on where you're measuring from. How long was that piece of string again?