Record-shattering Q3 DDoS Attack Volume Suggests the Need for Better Protection

A recent report covering the third quarter of 2021 saw the highest numbers of DDoS attacks ever. Things were relatively calm in July, but the attacks surged towards the middle of the quarter when the attacks exceeded 1,000 per day and peaked at 8,825 on August 18.

The problem with DDoS is indeed far from over. Ransomware may have dominated the news cycles recently, but distributed denial-of-service remains to be a major problem especially for businesses whose operations are largely web-based.

If it is any consolation, the durations of the DDoS attacks have declined. This is largely due to the decrease in the volume of attacks that last a minimum of 50 hours. However, while the trend among attacks now has shifted to short bursts, it also means that attackers are gunning at more targets.

The need for reliable advanced DDoS protection

Aside from the considerably growing volume of attacks, new DDoS attack vectors have also emerged recently. For example, Security researchers from the University of Maryland and the University of Colorado at Boulder have discovered that it is possible to exploit the TCP protocol to compromise firewalls as well as network address translators and deep packet inspection tools. Even closed ports can also become the subject of attacks like what happens with the so-called “Black Storm,” which targets communications service provider networks.

All of these show the need to upgrade to advanced DDoS protection to cover the latest threats and deal with them more efficiently. Cyber attacks are becoming more creative that it is important for defenses to be equally updated in response to the evolution of the threats. It is not enough to have instant attack notifications and high-security visibility. For optimum performance, DDoS solutions should also seamlessly integrate with the SIEM an organization is using. It is also a big advantage to be capable of doing Layer 3/4 and Layer 7 event correlation. Also, latency should be kept at the lowest possible level and there has to be real-time capacity management.

Moreover, it is important to have advanced protocols in responding to attacks. The Back Storm attack mentioned earlier, for example, unleashes a serious adverse impact on an organization even though it targets banned resources or closed ports. Conventional systems are unlikely to have protections for closed ports or mechanisms that take into account the possibility that a denial-of-service stems from the targeting of closed ports.

Several other new DDoS vectors have been observed over the past months and years. It is reckless to ignore these and stick to traditional solutions. The highly prolific Mēris botnet has victimized New Zealand’s post mail service, MetService weather service, and a few banks. There were also other DDoS attacks that led to downtimes for the Russian publication Vedomosti and the gaming servers of Final Fantasy XIVI in Europe.

Why organizations should take DDoS attacks seriously

Those who know little about what DDoS means will likely downplay the impact of this form of cyberattack. It is important to emphasize that the adverse outcomes of complex denial-of-service are not limited to temporary downtimes. The adverse effects of going down after an attack are not only short-term and plain attempts to encumber the operations of an organization.

According to network security expert Sean Newman, the average cost of a DDoS attack in the United States in 2021 is around $218,000. This includes the losses from the disruption in business activities, loss of customer confidence, as well as the expenses for remediation and compensation. The amount can go insanely high depending on the nature and scope of a business. The cost of the DDoS attack on Bandwidth.com this year, for example, neared the $12 million mark. 

The serious consequences of a DDoS attack, however, do not end with the operating losses and remediation expenses. A cyber threat intelligence analyst Stefano De Blasi explains, “cybercriminals typically conduct DDoS operations to temporarily disrupt a target’s infrastructure or act as a decoy for more dangerous activity.”

A DDoS attack can be accompanied or followed by a ransomware infection significantly raises the cost or damage. A 2021 ransomware threat report reveals that the average cost of dealing with a ransomware attack has tripled to over $300,000 compared to its level in the previous year. DDoS attacks may also mislead security teams from detecting other forms of cybercrimes like insiders stealing from an organization or sabotaging its business activities. DDoS may also be used to conceal phishing and other social engineering schemes.

Worst yet to come

What’s even worse than the bad news of staggering DDoS attacks is the fact that the worst has yet to come. More attacks are expected to happen in the years to come, and it is very unlikely for things to mellow down let alone for DDoS to become irrelevant in the near future. A DDoS report indicates that the DDoS market is growing at a pace that is similar to what was observed before cryptocurrencies rose to popularity. 

“DDoS services are in demand, and the prolonged (DDoS service) supply shortage has likely led to an increase in prices in this market, making it profitable for botnet operators (who directed their resources to crypto mining) to resume attacks. As such, the DDoS market seems to be returning to the growth rate we saw in late 2019,” the report writes.

Organizations that downplay the impact of DDoS are the ones most likely to suffer the extreme outcomes. A denial-of-service event is not just a temporary hiccup in business activity. It entails different kinds of losses and other threats that can result in even bigger damages.

No excuse not to get adequate protection

DDoS perpetrators may have developed more powerful and aggressive attacks, but security providers have correspondingly stepped up with their solutions. Businesses with zero expertise and experience in preventing and mitigating denial-of-service attacks can rely on reputable third-party security service providers. It is possible to come up with in-house custom DDoS protection, but it is generally more convenient and efficient to turn to established solutions on the market.

If the constantly evolving nature of cyber threats and the serious financial and reputational costs are not compelling enough reasons to get better protection, the fact that DDoS can be a mere smokescreen for a graver cyber assault should be. Ignoring and understating the seriousness of distributed denial-of-service threats is like securing a building with web-connected CCTV cameras that all rely on AC power and fiber internet with their cables conspicuously exposed in front of the building.