Most DDoS Attacks Are Still Low Volume And Short, Says Corero

Corero, a provider of DDoS defence solutions that detect and mitigate attacks automatically, has released its annual trends report, providing a snapshot of what’s happening on the world’s networks.

Corero says that, unsurprisingly, in the past year the average volume of attacks continued to rise. In January 2019, for example, a DDoS SYN attack peaked at 500 million packets per second.

But as headline-grabbing and potentially disruptive as these big attacks are, the depressing reality is that the vast majority of attacks (98%) are below 10Gbit/s and less than 10 minutes in duration. In layman’s terms these are the volume crimes of the network industry – they may not bring your network down, but they sap its resources, affect QoS and could be a precursor to other, more serious attacks.

This latter factor is something Corero’s report highlights. Organisations have a 25% chance of being re-attacked within 24 hours, rising to 36% within 90 days.

DDoS attacks are becoming more of a threat not just because they are ever-more sophisticated, more frequent and larger, but because business customers are more reliant on network performance than ever before. They therefore not only threaten business continuity, but the experience these same businesses provide to their own customers – affecting their service offering and brand reputation.

Smaller attacks though are often overlooked – acting as limescale in the industry’s communication pipes and affecting the service provided to customers.

With all the focus currently being places on monetising key network attributes from fibre and 5G investments (such as ultra low latency), keeping your networks clean and free of anomalous traffic has never been more important in order to maintain a high level of QoS and low latency. Doing so requires service providers and their customers to adopt a range of measures to detect, monitor and combat DDoS – including those low-level attacks that affect performance but often go undetected.

“Proactive DDoS protection is a critical element of any cyber security defence against loss of service availability,” commented Ashley Stephenson, Corero’s CEO. “Most of the DDoS attacks that we highlight in this report cannot be adequately defeated with traditional Internet gateway security solutions such as firewalls and Intrusion Prevention Systems. Similarly, on-demand cloud-based DDoS scrubbing alternatives cannot react quickly enough to mitigate the short-duration attacks that are now impacting businesses every single day”.

Baking the effects of anomalous traffic into the business model by simply adding extra capacity is unsustainable. It means that capacity is currently being wasted on unbilled traffic, and extra investment is being authorised when optimising existing capacity could be done at a fraction of the cost.

‘How clean is your network?’ is thus a question that investors,  as well as customers, should be asking communications service providers.

Download a copy of Corero’s report here.