Organisations have a roughly one in three chance of a follow-up DDoS attack after a first incident, Internet giant Akamai has calculated using figures from the final quarter of 2013. This was a significant spike compared to the rest of the year.
Although quarterly figures in the firm's State of the Internet Report often reflect short-term trends, the rise in the number of organisations suffering repeat DDoS attacks was still marked, reaching 56 organisations out of a total of 162 hit during the quarter.
For 2013 as a whole (note: recent Akamai acquisition Prolexic publishes its own figures), 177 organisations were affected by repeat attacks with around half experiencing a follow-up and 69 subsequently being attacked between three and five times. A Further 22 were hit with between six and 20 times while one unfortunate outfit experienced a DDoS incident "nearly every other day," Akamai's researchers said.
Amidst the brute unpleasantness of DDoS, this sort of detail is interesting. Serious DDoS attacks are usually seen as an occasional nuisance but it is clear that for a significant subset of valuable targets they are becoming a way of life.
Using attacks (rather than unique targets) as the measure, the quarter saw 346 attacks out of a 2013 total of 1,213, a 50 percent rise over 2012, thanks in part to a spate of hacktivist DDoS against the Government of Singapore in response to Internet controls. Akamai now estimates that 2014 will see the attack total rise to around 1,700.
Akamai doesn't say much about sector-specific trends beyond noting that enterprise and commerce targets make up 70 percent of the organisations affected by DDoS attacks, which is a shame given the scale of incidents affecting US banks during the year.
Earlier this month the US Federal Financial Institutions Examination Council (FFIEC) issued new guidelines to the sector that demands the sector put in place more mitigation and have adequate response plans. The body also called for US institutions to inform the FFIEC of attacks as they occur so intelligence could be passed around the sector. At some point, disclosure could become mandatory for this kind of enterprise.
Other security-related findings in the report included that the Microsoft Windows-DS port 445 has jumped back ahead of Port 80 as the most targeted software interface, accounting for around 30 percent of traffic. SSL and Microsoft SQL are also popular. China, the US and (surprisingly) Canada were the top originating countries.