DDoS (Distributed Denial of Service) attacks surged in 2020. They became not only more numerous, but also much bigger and more complex. As a result, a lot of current platforms are unable to cope with the largest attacks, leaving many companies defenceless against cyber criminals who are more determined than ever before. Here is an overview of how DDoS attacks are evolving and why you should never go without an effective anti-DDoS solution.
It seems like the Covid-19 pandemic has exacerbated the appetite of cyber criminals. At any rate, it has definitely increased opportunities to steal data and extort money, two of the objectives pursued by perpetrators of DDoS attacks.
Companies all over the world have had to enable employees to work from home - often in a hurry - with little forethought about the security impacts this may have and the adaptations it requires. In many cases, this made networks more vulnerable to attacks.
And with lockdowns in place in many countries, online businesses of all kinds have prospered, making them prime targets for anyone with the nefarious objective of extorting money in exchange for an operational e-commerce website.
Nowadays, almost anyone can initiate a DDoS attack: “DDoS-for-hire” services are easy to find online. To pass for legal services their creators call them “stressers”, pretending they are designed to test the resilience of a server. Microsoft estimates that in 2020, the average price of a one-hour DDoS attack was $48, a one-day attack was $134, and a one-month attack was $1,000.
DDoS attacks exploded in 2020, growing by over 19% compared to 2019. Over 10 million attacks were identified worldwide in the past year. The figure is overwhelming: it equates to over 27,600 attacks per day, or 19 every single minute.
May 2020 was probably one of the worst months in terms of the Covid-19 crisis, as companies and governments alike were still trying to figure out how to best react to protect their citizens and employees’ health and their economies. In that month, around 929,000 DDoS attacks occurred, making it the largest number of incidents ever seen in a single month.
Attackers focused on healthcare, e-commerce and educational services. This is not surprising as these are the services that have prospered the most in their digital forms since the beginning of the pandemic.
In addition to becoming more numerous, DDoS attacks have also considerably increased in scale.
While the largest reported attack in 2018 reached 1.7 terabytes per second (Tbps), the largest one reported in 2020 peaked at 2.3 Tbps.
And we are also starting to discover that even bigger attacks are possible: back in October, Google revealed it had prevented a 2.5 Tbps DDoS attack in 2017, the largest attack ever recorded in history.
Experts estimate that DDoS attacks will continue to move towards having a shorter attack duration but with a greater packet-per-second attack volume, and that terabit-sized volumetric attacks will become more common.
Finally, another challenge faced by legacy DDoS protection systems is the use of multiple vectors in the same attack. Even if an attack like this is detected, the vectors are changed so quickly that legacy and manual solutions cannot implement mitigation techniques fast enough to prevent its damaging effects. According to some research, most attacks now consist of eight or more vectors, often deployed over the course of just a few minutes.
Very large DDoS attacks (more than 15 attack vectors) increased by 125% in the third quarter of 2020 compared to the same period in the previous year.
Anti-DDoS protection is therefore critical. All sectors are targeted but e-commerce companies and more generally any company that conducts most of its business online have the most to lose.
The average cost of a single DDoS attack for a major company is $2 million. SMEs fare no better: it is estimated that DDoS attacks cost them an average of $120,000 in 2019.
Another important effect of DDoS attacks must not be underestimated: the cost of employees’ productivity losses. When networks or business-critical servers are down, employees’ efficiency drops sharply. Even simply losing access to emails can profoundly disturb anyone’s work these days.
Gartner has estimated that such losses could amount to $300,000 per hour, definitely not a figure that can be taken lightly.
