Risk of follow-up DDoS attack rises to one in three, Akamai report finds

Rise in repeat attacks in during 2013

Organisations have a roughly one in three chance of a follow-up DDoS attack after a first incident, Internet giant Akamai has calculated using figures from the final quarter of 2013. This was a significant spike compared to the rest of the year.

Although quarterly figures in the firm's State of the Internet Report often reflect short-term trends, the rise in the number of organisations suffering repeat DDoS attacks was still marked, reaching 56 organisations out of a total of 162 hit during the quarter.

For 2013 as a whole (note: recent Akamai acquisition Prolexic publishes its own figures), 177 organisations were affected by repeat attacks with around half experiencing a follow-up and 69 subsequently being attacked between three and five times. A Further 22 were hit with between six and 20 times while one unfortunate outfit experienced a DDoS incident "nearly every other day," Akamai's researchers said.

Amidst the brute unpleasantness of DDoS, this sort of detail is interesting. Serious DDoS attacks are usually seen as an occasional nuisance but it is clear that for a significant subset of valuable targets they are becoming a way of life.

Using attacks (rather than unique targets) as the measure, the quarter saw 346 attacks out of a 2013 total of 1,213, a 50 percent rise over 2012, thanks in part to a spate of hacktivist DDoS against the Government of Singapore in response to Internet controls. Akamai now estimates that 2014 will see the attack total rise to around 1,700.

Akamai doesn't say much about sector-specific trends beyond noting that enterprise and commerce targets make up 70 percent of the organisations affected by DDoS attacks, which is a shame given the scale of incidents affecting US banks during the year.

Earlier this month the US Federal Financial Institutions Examination Council (FFIEC) issued new guidelines to the sector that demands the sector put in place more mitigation and have adequate response plans. The body also called for US institutions to inform the FFIEC of attacks as they occur so intelligence could be passed around the sector. At some point, disclosure could become mandatory for this kind of enterprise.

Other security-related findings in the report included that the Microsoft Windows-DS port 445 has jumped back ahead of Port 80 as the most targeted software interface, accounting for around 30 percent of traffic. SSL and Microsoft SQL are also popular. China, the US and (surprisingly) Canada were the top originating countries.

Join the CSO newsletter!

Error: Please check your email address.

Tags Configuration / maintenancesecurityhardware systemsData Centre

More about Akamai TechnologiesFinancial InstitutionsMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts