DDOS attack size up 50-fold over past decade

The size of the largest DDOS attack was fifty times larger last year than ten years ago, according to a new survey of Internet service and hosting providers, and attacks are also increasing in numbers and in sophistication.

The largest reported attack last year was 400 gigabits per second, compared to just 8 Gbps in 2004 -- and 100 Gbps in 2010.

"The growth is not straight line," said Gary Sockrider, solutions architect at Burlington, Mass.-based Arbor Networks, Inc. and the author of the report. "It's more of a hockey stick."

By comparison, the total bandwidth of the entire Internet grew 42-fold over the same period, according to data from Cisco, from an average of 570 Gbps in 2004 to 24,000 Gbps in 2014.

The growth of the Internet as a whole actually helps the attackers, Sockrider said, since the botnets can get larger.

"They have to come from somewhere," he said.

But the number of defending organizations is also growing, and the bandwidth available to DDOS targets isn't expanding at the same pace.

"There are not too many places on the planet where 400 gigabits of Internet traffic is aggregated in one location," said Sockrider.

About two-thirds of the data center operators who took part in this year's survey said that they had DDOS attacks -- and 33 percent said that the attacks exhausted their Internet bandwidth.

"But the bigger story is the massive increase in very large attacks," he said. "In 2013, we saw less than 40 attacks that were more than 100 gigabits per second. In 2014, we saw 159 individual attacks over 100 gigabits, and five attacks over 200 gigabits."

The attacks are also growing in sophistication, he said.

Ten years ago, volumetric attacks dominated. Today, there are also state exhaustion attacks and application layer attacks, as well as attacks that combine all three vectors.

"The result is to keep you down longer and make it harder to defend against attacks," said Sockrider.

The purpose of the attacks has also changed.

The top three motivations have stayed the same over the past few years -- politics and ideology, vandalism, and online gaming.

"It speaks to how easy these attacks have become to perpetrate," he said. "We actually see instances where online gamers will DDOS the gaming infrastructure just to gain a competitive advantage in playing and winning an online game."

But the use of DDOS attacks as a diversion to cover up for other types of malicious activity has been growing, as have extortion and marketing.

For example, he said, DDOS attacks are increasingly seen in combination with advanced persistent threat campaigns.

"The campaign may have been going on for a long time, but at the point where they're ready to exfiltrate the data -- the DDOS attack comes," he said. "It's used as a diversion or distraction, so you don't notice that they're extracting the data."

Extortion has moved up on the list, accounting for 20 percent of attack motivations this year, up from 15 percent last year.

Even more attacks -- 28 percent -- are motivated by the criminals using them for marketing, to demonstrate their capabilities to would-be customers.

"Organizations that offer DDOS for hire are giving free trials," Sockrider said. "They'll take someone down for five minutes just to prove that they can."

DDOS attacks are also used to manipulate financial markets, to hurt competing businesses, or in disputes between rival criminal gangs.
