According to Verisign‘s Distributed Denial of Service Trends Report for the third quarter of 2014, the number of large-scale DDoS attacks (10 Gbps and above) grew by 38 percent from Q2 2014 to represent more than 20 percent of all DDoS attacks in Q3 2014.
Attackers also grew in persistence, averaging 3.3 separate attempts per target, up from an average of two attempts in Q2 2014 — and the largest attacks in Q3 2014, targeting the e-commerce industry, peaked at more than 90 Gbps.
“The increase in attack frequency, like the increase in attack size, may be attributed to maturation of attackers, easier access to ready-made DDoS botnets and toolkits, and adversary observation of attack impact on their targets,” the report states. “As attackers continue to evolve and become more sophisticated, Verisign expects to see this trend continue into the foreseeable future.”
And according to Incapsula‘s recently-released DDoS Impact Report, a survey of 270 North American companies found that fully 45 percent have been hit by a DDoS attack (91 of those attacks took place during the last 12 months), with the average such attack costing $500,000.
More than two thirds of those who had been hit by a DDoS attack said they had been targeted two or more times.
Although 86 percent of DDoS attacks last for less than a day, according to Incapsula, respondents said the attacks cost an estimated $40,000 per hour.
“We believe that with the costs for attackers decreasing and costs for businesses increasing, DDoS targets have broadened from financial institutions and government sites to any company that depends on its online channels, like online retailers and SaaS vendors,” Incapsula CEO Marc Gaffan said in a statement.
“With ransom requests as low as a few hundred dollars yielding positive returns for attackers, even small technology start-ups are being targeted and taken down,” Gaffan added.
And Kaspersky Lab recently published the results of a survey of 3,900 companies in 27 countries, conducted by B2B International, which found that 38 percent of companies providing online services had been hit by a DDoS attack over the past 12 months.
While Kaspersky found that DDoS attacks cost SMBs an average of $52,000 per incident, the costs for larger enterprises averaged $444,000, close to Incapsula’s estimate.
And the financial impact is just one part of the damage such attacks can cause — 38 percent of resopndents said a DDoS attack had damaged their company’s reputation, and 29 percent said a DDoS attack had damaged their credit rating.
“Even though one in three companies have suffered from DDoS attacks, just six percent believe this type of incident is the most dangerous external cyberthreat they face,” Kaspersky Lab head of DDoS protection Eugene Vigovsky said in a statement. “However, taking down a site or preventing transactions is only the tip of the iceberg. A DDoS attack can lead to reputational losses or legal claims over undelivered services.”
“To ensure that clients have uninterrupted access to their online services, companies need to think in advance about appropriate protection against DDoS attacks,” Vigovsky added.