Organizations Drag Their Feet In Detecting DDoS Attacks

A study conducted by security-solutions provider Neustar claims that more than half of public and private organizations are getting much slower at detecting and responding to distributed denial of service (DDoS) attacks. Organizations surveyed report taking three hours or more to detect a DDoS attack on their websites in the past year, with 48% saying they take at least three hours to respond to an attack. Of those participating in the survey, 43% claimed revenue losses of $250K or more per hour.

 

Essentially, a DDoS attacks consists of cyber attackers directing massive amounts of traffic to a target site. They employ an array of botnets to deluge the target site with traffic.

 

 

According to the research, many organizations do employ some type of DDoS protection, however four in 10 claim customers notify them of attacks instead of detecting attacks themselves. This represents an increase of more than 29%who said so the previous year.

 

A Security Industry Association update outlines the five major DDoS attacks that made headlines in 2016:

 

5. Russian Banks: A botnet consisting of at least 24,000 computers located in more than 30 countries trained its resources against at least five Russian banks in the beginning of November.

 

4. Rio Olympics:  Several public-facing web properties and organizations affiliated with the Rio Olympics suffered a sustained DDoS attack that lasted for several months. Beginning in September 2015, the campaign made use of a DDoS-for-hire service called LizardStresser to launch attack traffic against their targets ranging in size from tens of gigabits/sec up into the hundreds of gigabits/sec.

 

3. Clinton and Trump Campaign Sites: On  April 1, the global hacking collective Anonymous launched a DDoS campaign against Donald Trump. Later in the year, around the time of the Election Day, attackers once again made the unusual move of targeting political candidates. This time they leveraged a Mirai IoT botnet to target the campaign websites for both Hillary Clinton and Donald Trump.

 

2. Brian Krebs: In September, the blog of information security investigative reporter Brian Krebs experienced a DDoS attack. It was unusually powerful, with reports placing the peak attack traffic at around 620 Gbps – more than double the size of any attack others had ever seen.

 

1. DYN: The campaign targeted the internet performance management company’s managed DNS infrastructure, or the architecture that helps translate easily readable domain names like “tripwire.com” into numeric addresses at which websites and other Internet services are based. For a couple hours, high-profile websites like Etsy, Github, Spotify and Twitter suffered service interruptions or went offline altogether.

 

For more security insights, CLICK HERE.