Average Organization Faced 8 DDoS Attacks a Day in Q3 2017


Organizations were hit by an average of 237 DDoS attack attempts per month, or eight attack attempts a day, during the third quarter of 2017, according to the most recent Corero DDoS Trends Report.

That's a 35 percent increase over the previous quarter.

"The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs," Corero CEO Ashley Stephenson said in a statement. "These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100."

"Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device," Stephenson added. "Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims."

One fifth of the DDoS attack attempts in Q2 2017 leveraged multiple attack vectors. "Often lasting just a few minutes, these quick-fire attacks evade security teams and can sometimes be accompanied by malware and other data exfiltration threats," Stephenson said.

Confidence or Complacency?

A separate survey of 500 senior IT professionals, conducted by Sapio Research on behalf of CDNetworks, found that 88 percent of U.S. respondents are confident in their current DDoS mitigation capabilities, despite the fact that 69 percent have suffered a successful DDoS attack within the past 12 months.

Twenty-seven percent of U.S. respondents said more than half of the DDoS attacks they've faced have been successful, and 88 percent believe new DDoS attacks are likely or almost certain in the next 12 months.

U.S. respondents spend an average of $34,750 per year on DDoS mitigation, and 26 percent have invested more than $53,000 in DDoS mitigation technologies in the past 12 months alone.

"The results show that most U.S. companies are mindful of the alarming recent rise in DDoS attacks, and are increasing their investment in mitigation technology in response," CDNetworks Americas managing director Alex Nam said in a statement. "This has understandably led to a confidence in resilience. But when comparing alongside the frequency of DDoS attacks and the likelihood of their success, this confidence tips worryingly into complacency."

Targets in 98 Countries

Resources in 98 countries were attacked in the third quarter, up from 86 countries in Q2, according to Kaspersky Lab's Q3 2017 DDoS Intelligence Report. About half of all attacks originated in China, and about half of all detected command and control servers were located in South Korea.

The share of Linux botnets grew from 51 percent in Q2 to 70 percent in Q3 2017, and the number of attacks per day ranged from 296 on July 24 to 1,508 on September 26. Monday remained the quietest day of the week for DDoS attacks.

The third quarter saw an increase in the number of attacks on gaming services and on platforms offering new financial services such as initial coin offerings (ICOs).

"Entertainment and financial services -- businesses that are critically dependent on their continuous availability to users -- have always been a favorite target for DDoS attacks," Kaspersky head of DDoS protection Kirill Ilganaev said in a statement. "For these services, the downtime caused by an attack can result not only in significant financial losses but also reputational risks that could result in an exodus of customers to competitors."