DDoS attack attempts continue to rise – with unsecure IoT devices the culprit
Organisations faced on average 237 DDoS attack attempts during the third quarter of 2017, equating to eight per day.
That is the primary finding from a new study by security provider Corero Network Security, with the figure marking an increase of 35% in monthly attack attempts compared to the previous quarter. The statistics are taken from DDoS attack attempts against Corero customers.
Explaining the reasons behind the increase in frequency of these attacks, Ashley Stephenson, CEO at Corero, said: “The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs. These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.
“Alongside this trend is an attacker arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device,” Stephenson added. “Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets. The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims.”
The report also highlights hackers turning to new evolutions in hacking techniques: from simple volumetric attacks to sophisticated multi-vector DDoS attacks. It says that 20% of the DDoS attack attempts recorded during Q2/2017 used multiple attack vectors.
Corero also noted a return of Ransom Denial of Service (RDoS) in Q3/2017. RDoS attacks, coupled with the anonymity offered by cryptocurrencies and the rise in IoT botnets, is bound to encourage cyber criminals to take advantage of vulnerabilities, the company added.
- » CIO job responsibilities in 2018: Driving business transformation and innovation
- » Invest in your employees’ mobile devices and see a serious dividend, argues Samsung
- » Organisations struggling with seamless customer experiences, MuleSoft argues
- » For enterprise cyber defence, there should be more than one solution
- » Forget facial recognition: Let’s use AI to help gauge integrity