Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

DDoS Attacks Jump by a Third in Q2

The volume of distributed denial of service (DDoS) attacks in Q2 increased by almost a third (32%) on the previous quarter, according to the latest stats from security vendor Corero Network Security.

The firm’s Trends and Analysis report for the first half of the year revealed customers experienced on average 4.5 DDoS attacks per day in the second quarter.

However, the vast majority (95%+) were less than 10Gbps and lasted less than 30 minutes.

Corero claimed that the increase was driven by the growing availability of cheap DDoS attack tools including botnets which can be hired to launch anonymous attacks very easily.

It added that shorter attacks were being launched more often in a bid to circumvent legacy cloud DDoS scrubbing tools and in some cases distract IT teams while information-stealing malware is used to grab sensitive data.

Corero Networks CTO Dave Larson explained that the vast majority of DDoS vectors aren’t used to cause service outages in the traditional sense.

“Additionally, security teams are not always aware that there is a connection between DDoS and other forms of cyber-attacks or data exfiltration attempts, so statistics that track the association are only just emerging,” he told Infosecurity.

“Historically, DDoS has been known for the ‘denial of service’, as the acronym would indicate, however we are seeing DDoS being used as a ‘denial of security’ more frequently – taking down or profiling existing network security layers in order to carry out more malicious activity. A more recent and public example is Carphone Warehouse falling victim to DDoS as a distraction; subsequently the personal details of 2.4 million customers was breached.”

Larson warned IT managers who have not yet suffered a major DDoS attack not to be lulled into a false sense of security.

“Invest some time familiarizing yourself with the trends in the DDoS landscape and start looking more closely at lower-level activity within your environment,” he added.

“When a breach does happen, claiming you had never had an outage before and so you thought your protections were just fine is not going to be very convincing to your management. The online enterprise requires a proactive and real-time approach to dealing with the onslaught of DDoS attacks targeting their networks.”

What’s Hot on Infosecurity Magazine?