Security report finds 50X increase in DDoS attack size in past decade

Mostly a nuisance and nothing more than an independent event a decade ago, distributed denial-of-service (DDoS) is now a very serious threat to business continuity and the bottom-line, according to the 10th Annual Worldwide Infrastructure Security Report (WISR) released by Arbor Networks.

DDoS attacks today are now components of complex, often long-standing advanced threat campaigns. The largest DDoS attack reported in 2014 was 400Gbps; ten years ago the largest reported attack was a mere 8Gbps.

Application-layer attacks were experienced by 90 percent of respondents in 2014. Ten years ago, 90 percent of respondents cited simple “brute force” flood attacks as the most common attack vector.

The human element continues to be a factor in defensive capabilities – not just today, but throughout the last ten years of WISR reporting. Just in the past year alone, 54 percent of respondents reported difficulty hiring and retaining skilled personnel within their security organizations.

“In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and, data breaches were most likely carried out by employees who had direct access to data files,” said Arbor Networks Director of Solutions Architects Darren Anstee. “Today, organizations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend. The business impact of a successful attack or breach can be devastating – the stakes are much higher now.” 

Attacks are Growing in Size, Complexity and Frequency

The largest reported attack in 2014 was 400Gbps, with other large reported events at 300, 200 and 170Gbps with a further six respondents reporting events over the 100Gbps threshold. Ten years ago, the largest attack was 8 Gbps.

Ninety percent of respondents reported application-layer attacks and 42 percent experienced multi-vector attacks that combine volumetric, application-layer and state exhaustion techniques within a single sustained attack.

In 2013, just over one quarter of respondents indicated they had seen more than 21 attacks per month; in 2014, that percentage has nearly doubled to 38 percent. 

Enterprises Are Under Assault

Nearly half of respondents saw DDoS attacks during the survey period, with almost 40 percent of those seeing their Internet connectivity saturated.

Over one third of organizations had Firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.

Over one quarter of respondents indicated that they had seen attacks targeting cloud services.

Just over one third of respondents indicated an increase in security incidents this year, with about half indicating similar levels to last year. 40 percent of respondents felt reasonably or well prepared for a security incident, with 10 percent feeling completely unprepared to respond to an incident.

Data Centers are a High-Volume, High-Impact Target

This underscores just how critical of an issue this continues to be for data center operators: downtime means not just lost business for the data center operator, but the collateral damage extended to their customers operating business critical infrastructure in the cloud.

Operational expense is the top cost attributed by data center operators to DDoS events. This shows the increasingly high costs of defending against growing attacks and the priority data center operators place on DDoS mitigation.

Revenue loss due to DDoS is up sharply. Forty-four percent of data center respondents  experienced revenue losses due to DDoS. 

Just under half of respondents indicated they had their firewalls experience or contribute towards an outage due to DDoS. This is up from 42 percent last year. Load balancers also saw issues, with over one third of respondents seeing these fail due to DDoS, in the last year.