One for the history books: 2016's year in DDoS attacks

While 2016 certainly seemed to be one bad news item after the other, the year might not have been as dire as everyone thought. On the good news front, researchers made huge strides in precision treatments for cancer and prevention methods for Alzheimer’s, the Cubbies finally won the World Series, LeBron brought a championship to Cleveland, and Leonardo DiCaprio got his Oscar.

You know who else had a great year? The people behind DDoS attacks. They really rocked it in 2016 -- but of course that’s terrible news for everyone else.

Top trends of 2016

DDoS stands for distributed denial of service, which is the name given to cyberattacks that work to overwhelm the network resources or bandwidth of a target website or online service with a major amount of malicious traffic to either take the target offline, or slow it down so much that its users cannot use it. A DDoS attack does so by hitting the target with traffic from a botnet, which is a network of internet-connected devices that have been infected by malware that allows attackers to control them remotely.

Distributed denial of service attacks have been a problem for website and business owners for over a decade, but the last few years have seen a tremendous increase in the size and frequency of these attacks, and according to the Q4 2016 Global DDoS Landscape Report from DDoS protection provider Incapsula, those trends ramped right up in 2016.

Big bad botnets

In years past, the most staggeringly sized DDoS attacks have come courtesy of amplification attacks like DNS and NTP attacks. Over the course of 2016 the number of amplification attacks steadily declined, with DNS attacks falling 10.2 percent in popularity and NTP attacks dropping 6.7 percent

Yet while the biggest attack Incapsula mitigated in Q1 2016 weighed in at 200 Gbps, by Q4 they were handling a 650 Gbps attack, the biggest their service had ever dealt with at the time. Anyone who has kept any sort of eye on online security news knows this growth in attack size wasn’t unique to Incapsula’s clients. The end of the year was dominated by news of Mirai, a botnet made up of an unprecedented 400,000+ devices, all coming from the Internet of Things. In its short career Mirai has rung up some of the biggest and most high-profile attacks in the history of the internet, with its 1.2 Tbps attack on the Dyn DNS server so far still standing as the biggest to have ever occurred.

It's been Mirai’s high-profile targets that have attracted headlines, but with the Mirai botnet as well as also-massive Mirai variant botnets available as DDoS for hire services, rest assured that the Mirai malware is claiming many more victims and will continue to do so for the foreseeable future.

Speaking of DDoS for hire

As Incapsula points out, a DDoS for hire service can now be accessed for just $5. In other words, anyone with an internet connection and a mere $5 can direct a DDoS attack at any website on the internet, causing costly downtime and eroding all-important user trust and loyalty.

With these services now cheaper and easier to access than ever, the number of distributed denial of service attacks happening has gone up and stayed there. Where Incapsula was mitigating an average of 697 attacks per week in Q1, in Q2 and Q3 that number increased to over 1200. Q4 did see a bit of a decline from Q3’s peak, but that decline only brought the average number of attacks per week to 1173 in the quarter.

Another side effect of the commodified DDoS attack as well as the overall increase in attack frequency is the number of attacks to which targets were subjected. From Q1 to Q4 the number of Incapsula-protected websites that were targeted by just one attack fell from 50.1 percent to 41.7 percent, while the number that were in the crosshairs of 6+ attempted attacks rose from 18.1 percent to 24.3 percent. Overall, the Incapsula-protected sites that were targeted by DDoS assaults were subjected to an average of 8.48 attack attempts over the course of a quarter.

Looking to 2017

At this point, what truly matters about 2016 is what it means for 2017. Not only are DDoS for hire services not going anywhere, but they are likely going to ramp up their threat levels on two fronts. While the average service will only get cheaper and more accessible, making it even easier for anyone to launch an attack and therefore making these attacks even more common, Mirai and other IoT-powered botnets will continue to get bigger, and while those for hire services will certainly be a lot more expensive than $5 a pop, the damage they’ll do will be devastating for the sites and businesses affected.

If it’s going to be a better 2017 than 2016 from a cybersecurity standpoint, the overwhelming DDoS trend needs to be websites and businesses investing in professional DDoS protection. Otherwise come 2018 we can all expect some truly frightening stats.

Photo Credit: Fabio Berti/Shutterstock

Debbie Fletcher is an enthusiastic, experienced writer who has written for a range of different magazines and news publications over the years. Graduating from City University London specializing in English Literature, Debbie's passion for writing has since grown. She loves anything and everything technology, and exploring different cultures across the world. She's currently looking towards starting her Masters in Comparative Literature in the next few years.