Distributed denial of service (DDoS) attacks are evolving, and companies must invest extra effort to keep their online businesses safe, a new study shows.
Cyber crooks are evolving their use of DDoS attacks to circumvent companies’ cyber security solutions, disrupt service availability and infiltrate victim networks, says Corero Network Security.
The company, which provides security solutions against DDoS attacks, today released the findings of its inaugural Quarterly DDoS Trends and Analysis Report.
The results are based on data from the company’s hosting, datacentre, Internet service provider and online enterprise customers around the world, and analysis from its state-of-the-art Security Operations Center.
The report highlights two shifts in how DDoS attacks are carried out: shorter bursts of attack traffic rather than prolonged events, and partial link saturation rather than a complete flooding of the network.
Approximately 96 per cent of the DDoS attacks targeting Corero’s SmartWall Threat Defense System (TDS) customers lasted 30 minutes or less.
The DDoS attacks were also used as a distraction while valuable data was extracted, the official press release says.
“Additionally, 79 per cent of the DDoS attack attempts targeting Corero’s customers between October 1 and December 31, 2014 were less than 5Gbps in peak bandwidth utilisation. These attacks were intended to partially saturate the Internet link and distract corporate security teams, but leave enough bandwidth available for a subsequent attack to infiltrate the victim’s network and access sensitive customer data or intellectual property.”
To defend against both traditional and evolving DDoS attack methods, Corero recommends organisations pursue the following measures:
- Consider implementing technology to detect, analyse and respond to DDoS attacks by inspecting raw Internet traffic at line rate, identifying and blocking threats within the first few packets of a given attack.
- Introduce a layered security strategy focusing on continuous visibility and security policy enforcement to establish a proactive first line of defense capable of mitigating DDoS attacks while maintaining full service connectivity, availability and delivery of legitimate traffic.
- Ensure complete application and network layer visibility into DDoS security events. This best practice will also enable forensic analysis of past threats and compliance reporting of security activity.
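As an added example (not code from the report or from Corero’s products), the following Python applies the report’s two thresholds, 30 minutes and 5 Gbps, to constructed attack records and then correlates short, sub-saturation bursts with other alerts on the same target, which is the "distraction" pattern described above and the kind of cross-event visibility the last recommendation calls for. The record format, the sample data and the 60-minute correlation window are assumptions.

```python
from datetime import datetime, timedelta

# Thresholds taken from the report: 96% of attacks lasted 30 minutes or less,
# 79% peaked below 5 Gbps. Everything else here is constructed for illustration.
SHORT_BURST_MINUTES = 30
PARTIAL_SATURATION_GBPS = 5.0

def parse_event(line):
    """Parse one 'start,end,peak_gbps,target' record (constructed format) into a dict."""
    start, end, peak, target = line.strip().split(",")
    return {"start": datetime.fromisoformat(start), "end": datetime.fromisoformat(end),
            "peak_gbps": float(peak), "target": target}

def classify(event):
    """Label an event by duration and peak bandwidth using the report's two thresholds."""
    minutes = (event["end"] - event["start"]).total_seconds() / 60
    duration = "short-burst" if minutes <= SHORT_BURST_MINUTES else "prolonged"
    volume = "partial-saturation" if event["peak_gbps"] < PARTIAL_SATURATION_GBPS else "full-flood"
    return duration, volume

def flag_possible_distraction(events, other_alerts, window_minutes=60):
    """Return (target, attack start, alert kind) for each short, sub-saturation burst followed
    within the window by another alert on the same target. The window size is an assumption."""
    flagged = []
    for ev in events:
        if classify(ev) != ("short-burst", "partial-saturation"):
            continue
        deadline = ev["end"] + timedelta(minutes=window_minutes)
        for when, target, kind in other_alerts:
            if target == ev["target"] and ev["start"] <= when <= deadline:
                flagged.append((ev["target"], ev["start"].isoformat(), kind))
    return flagged

# Constructed sample records: start, end, peak Gbps, target host.
EVENTS = [parse_event(l) for l in """\
2014-11-03T09:00:00,2014-11-03T09:12:00,2.1,web-01
2014-11-03T14:00:00,2014-11-03T16:30:00,11.4,web-02
2014-11-04T02:00:00,2014-11-04T02:25:00,3.7,db-gw
""".splitlines()]

# Constructed alerts from other controls (time, target, kind).
OTHER_ALERTS = [
    (datetime(2014, 11, 3, 9, 40), "web-01", "large outbound transfer"),
    (datetime(2014, 11, 4, 5, 0), "db-gw", "repeated failed logins"),
]

if __name__ == "__main__":
    print([(e["target"], classify(e)) for e in EVENTS])
    print(flag_possible_distraction(EVENTS, OTHER_ALERTS))
```

Only the web-01 burst is flagged: the db-gw alert falls outside the window, and the web-02 event is a prolonged full flood rather than the short, low-volume pattern the report associates with a cover for intrusion.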