Year after year, those who pay attention to the cybersecurity industry read a steady stream of headlines about distributed denial of service (DDoS) attacks. The September 2019 attack on Wikipedia web sites is a good example. Basically, the exploit used a familiar method, a volumetric attack, which overwhelmed website operations at multiple sites. Going beyond the sensational headlines, however, this attack had a lot to tell observers about the status of DDoS protection and attacks.
Here are four facts that caught our attention:
- The Wikipedia DDoS attack was a biggie.
For several hours, users across Europe couldn’t access the web site. Outages began on Friday and continued throughout the weekend. Users in the US and the Middle East were also affected. Although the exact attack size has not been released, security experts estimate it was well within the terabits-per-second range, the largest of its kind in recent memory.
- 2019 DDoS attack statistics (so far) present a complex picture.
With all the column space given to takedown and mega-attacks, you’d think that they are the dominant attack type. Nope. Stats show that attacks are shrinking in size, but they can still do serious harm. Other sources mention that DDoS attackers are shifting to large, but shorter attacks, so the trend that matters involves the size and frequency of attacks. This constant juggling of attack parameters creates the ultimate apples-and-oranges comparisons.
- More target website owners are using mitigation services.
Organizations are looking for services to protect their websites, networks, and critical infrastructure devices from DDoS attacks. The market for tech-based DDoS solutions and services is maturing. Many owners of sites that consider themselves targets now employ vendors who offer cyber-defense services. As a result, cybersecurity market analysts are predicting a 14-percent CAGR for 2019 to 2024.
The forces driving the growth of DDoS protection and mitigation services can be described simply: companies are getting very worried about damage to their IT operations. Some factors, such as the easy availability of DDoS-for-hire services and many more Internet of Things (IoT) devices, have been apparent for the past 2-3 years. Other drivers, which have surfaced more recently, reflect the heightened danger of, and damage done by, DDoS attack capabilities. These include:
- More efficient attack methods, which enable an ongoing attack with fewer servers and other assets. Today, attacks can do more harm with relatively fewer resources, which makes trouble easier to start and maintain.
- More frequent, multi-vector attacks. Layering several technologies in a DDoS delivery system makes it more difficult for forensic specialists to identify root causes and respond to DDoS threats.
- A hefty increase in app-layer exploits. Once, when IT ops focused on data centers with 1 GB uplinks, it was relatively easy for volumetric attacks to flood a system. Now, it’s more difficult to saturate a link with sheer volume of traffic, so attackers seek easier DDoS targets: the apps themselves. Security researchers cite a 38-percent increase in application-layer attacks in 2Q 2019 compared to the previous quarter.
So, it’s probably no surprise that cybercrooks will continue to discover, develop, and reap ill-gotten gains from DDoS-related opportunities.
- The ways to stop (or at least slow down) the bad guys haven’t changed.
It’s true, the occasional short-term trend indicates fewer or relatively weaker DDoS attacks occurring somewhere in global networks. However, the good news eventually slides back into headlines describing newer, stronger, more harmful DDoS exploits.
Tech-based solutions are relevant and appear gradually over months and years, but there’s still no silver bullet. The very un-sexy approaches still apply:
- Careful installation, configuration, and monitoring of all security-related tech and processes.
- Multi-layered, blended solutions, which combine machine learning, dedicated platforms, and liberal doses of human knowledge and experience.
- Steely-willed enforcement of the most basic, common-sense security rules that relate to passwords and authentication.
Combining all these capabilities in third-party protection and mitigation services can reduce the effort, costs, and distractions of day-to-day security operations. These responsive, sophisticated solutions can help IT managers get back to Job #1: keeping their IT infrastructures strong and agile. And cost-effective cloud services can help companies of any size reduce the risks of fast-changing DDoS exploits and the twisted ingenuity of attackers.