According to Neustar‘s 2015 North American Denial of Service (DDoS) Attacks & Impact Report, 32 percent of U.S. companies say a DDoS attack would cost them more than $100,000 in revenue per hour.
Eleven percent say DDoS attacks can lead to more than $1 million in hourly revenue losses.
The report, based on a survey of more than 500 U.S. executives and senior professionals, also found that 40 percent of businesses say DDoS attacks are a growing threat to their organization.
Among companies that have been hit by DDoS attacks, 85 percent were hit multiple times, and 30 were attacked more than 10 times per year. Over a quarter of those attacked said they suffered a loss of customer trust and brand damage as a result.
“A website attack that was once considered to be an IT problem now reverberates and can cause significant brand damage that affects all organizational employees and its customers,” Neustar director of security services Margee Abrams said in a statement.
The Neustar report also found that 51 percent of respondents say they’re investing more in DDoS protection solutions than they were a year ago.
Notably, 45 percent of businesses say it takes them more than an hour to detect a DDoS attack — and after detection, 51 percent say it takes them more than an hour to respond.
But according to NSFOCUS‘ biannual DDoS Threat Report, that response would come far too late in the vast majority of cases — the report states that 90 percent of DDoS attacks in 2014 lasted less than 30 minutes in total.
“This shorter attack strategy is being employed to improve efficiency as well as distract the attention of IT personnel away from the actual intent of an attack: deploying malware and stealing data,” the NSFOCUS report states. “These techniques indicate that today’s attacker continues to become smarter and more sophisticated.”
In one attack event in December 2014, NSFOCUS found that one third of attack sources were smart devices such as webcams and routers.
Such devices, the NSFOCUS report notes, offer several key benefits to attackers, including relatively high bandwidth, a long upgrade cycle (many are never upgraded after deployment), and 24/7 online availability.
“In 2H 2014, the reflective amplification distributed denial of service attacks that abuse the Simple Service Discovery Protocol (SSDP) emerged as the most potent and increasingly favored attack vector,” the report states.
NSFOCUS says more than 7 million smart devices could be exploited globally to launch such attacks, which can amplify attack bandwidth by as much as 75 times.
“With IoT bringing billions of such devices online, there will be an exponential growth in SSDP-type attacks,” the report notes.
The NSFOCUS report also predicts that 2015 will see the peak traffic of DDoS attacks reach 1 Tbps.