Organizations experienced an average of 237 DDoS attack attempts per month during the third quarter (equivalent to eight cyber attacks on DDoS attempts every day), which represents a 35% increase in monthly attempts compared to the previous quarter, and a 91% increase in monthly attack attempts compared to Q1.
That’s according to the latest DDoS Trends and Analysis report from Corero Network Security, which found that the rate of cyber attacks, which is based on DDoS attack attempts against Corero customers, is being spurred along by the growing availability of DDoS-for-hire services, and the proliferation of unsecured internet of things (IoT) devices.
For example, the Reaper botnet is known to have already infected thousands of devices, and is believed to be particularly dangerous due to its ability to utilize known security flaws in the code of those insecure machines. Like a computer worm, it hacks into IoT devices and then hunts for new devices to infect in order to spread itself further.
In addition to the frequency of attacks, the Corero data reveals that hackers are using sophisticated, quick-fire, multi-vector attacks against an organization’s security. A fifth of the DDoS attack attempts recorded by Corero during Q2 2017 used multiple attack vectors. These attacks utilize several techniques in the hope that one, or the combination of a few, can penetrate the target network’s security defenses.
Corero also observed a return of ransom denial of service, or RDoS, in the third quarter. A widespread wave of ransom DDoS threats from hacker group Phantom Squad started in September, targeting companies throughout the US, Europe and Asia. The extortion campaign spanned a variety of industries—from banking and financial institutions, to hosting providers, online gaming services and SaaS organizations—and threatened to launch attacks unless a Bitcoin payment was made.
“Ransomware is one of the oldest tricks in the cyber-criminal’s book, and with cryptocurrency, is an anonymous way for them to turn a profit,” said Ashley Stephenson, CEO at Corero. “As IoT botnets continue to rise, we may soon see hackers put on more dramatic RDoS displays to demonstrate the strength of their cyber firepower, so that their future demands for ransom will have to be taken more seriously. Paying the ransom is rarely the best defense, as it just encourages these demands to spread like wildfire. It is proven that with proper protection in place to automatically eliminate the DDoS threat, organizations will be in a much stronger position.”