DDoS attacks on UK businesses double in six months
Vulnerable IoT devices and DDoS-as-a-service drive surge in attacks
British businesses are under siege from a growing wave of DDoS attacks, as new figures reveal the number of incidents has almost doubled over the past six months.
UK organisations suffered an average of 237 DDoS attacks per month during Q3 2017, equivalent to eight attacks every single day. This figure is up by 35% from the previous quarter, and more than 90% compared to Q1 2017, according to a new report from DDoS mitigation firm Corero, based on data gathered from attack attempts against its customers.
DDoS attacks work by flooding a target server with so much traffic that it falls over, disrupting normal operations and knocking any related systems or services offline. The tactic is a perennial favourite of cyber criminals and malicious pranksters, as it is cheap and easy to execute.
This has become even more true in recent years. The leaking of the Mirai source code, used to take down a DNS firm providing access to high profile sites like Twitter, has led to an explosion in botnets populated by thousands of unsecured IoT devices, and dark web marketplaces now allow non-technical users to cheaply hire DDoS services that can be directed against whomever they choose.
"The growing availability of DDoS-for-hire services is causing an explosion of attacks," said Corero CEO Ashley Stephenson, "and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100."
Cyber criminals are also getting smarter about how they deploy DDoS attacks, the research reveals. Rather than simply using sustained, high-volume attacks, criminals are instead targeting multiple layers of a company's security simultaneously with short bursts of traffic.
"Despite the industry fascination with large scale, internet-crippling DDoS attacks," said Stephenson, "the reality is that they don't represent the biggest threat posed by DDoS attacks today."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2024.
"Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats. We believe they are often used in conjunction with other cyber attacks, and organisations that miss them do so at their peril."
Adam Shepherd has been a technology journalist since 2015, covering everything from cloud storage and security, to smartphones and servers. Over the course of his career, he’s seen the spread of 5G, the growing ubiquity of wireless devices, and the start of the connected revolution. He’s also been to more trade shows and technology conferences than he cares to count.
Adam is an avid follower of the latest hardware innovations, and he is never happier than when tinkering with complex network configurations, or exploring a new Linux distro. He was also previously a co-host on the ITPro Podcast, where he was often found ranting about his love of strange gadgets, his disdain for Windows Mobile, and everything in between.
You can find Adam tweeting about enterprise technology (or more often bad jokes) @AdamShepherUK.