In the course of Infosecurity Europe 2018 in London, Link11 surveyed more than 200 IT professionals, hosting providers as well as IT solution providers and came to the alarming conclusion that the DDoS threat in the UK is still taken far too lightly. Compared to the data collected in a similar survey by Link11 at Infosecurity in London in 2017, the results clearly indicate that UK organizations still underestimate the risk of DDoS attacks. Additionally, the data shows a significant increase of companies being affected by DDoS attacks. The respondents from the survey are categorized into two groups: end customers and IT service providers.
The survey showed, that an alarming 40.3% of end customers have been affected by a DDoS attack in the last 12 months – an increase of 11.7% compared to 2017. For IT service providers, this number grew from 22.6% to 29.5%. Furthermore, 58,9% of IT service providers think that the frequency, size and risk of DDoS attacks will increase over the next 12 months in comparison with last year. 38.9% from the same group of respondents say that they or their customers have received a DDoS extortion e-mail in the past. From the end customers, 18.1% state that they have such an e-mail in the past.
This matches data observed by Link11’s security operations centre (LSOC). The number of DDoS attacks is continuously growing as seen in the quarterly published Link11 DDoS Report. According to the latest report from Q1 2018, organizations are facing 160 attacks per day on average. Compared to Q4 2017, this makes an increase of 10%. Just earlier this year, in late February 2018, a new, disruptive DDoS attaattack vector occurred – Memcached reflection attacks. Thanks to the always extremely high amplification factor, cyber criminals were able to easily launch massive DDoS attacks. Besides that, experts at Link11 have seen a rise in the complexity of DDoS attacks. Perpetrators often combine several vectors to make filtering the malicious traffic even harder for their target.
In the survey from InfoSec 2018, the risk occurring from DDoS attacks increased significantly throughout the last years. Whilst in 2017 only 7.1% of the end customers say, that they were hit by more than 100 DDoS attacks, in 2018 an alarming 17.2% have been hit by more than 100 attacks of this kind. Despite a large number of independent reports clearly showing that the risk of becoming the victim of a DDoS attack, organizations still take the threat too lightly. 26.5% of the IT service providers, that predict the DDoS risk to rise, have not addressed the use of DDoS protection solutions yet.
When asked how they would react to a DDoS extortion, every third end customer answered that they would not react at all- an increase of 5.8% compared to the survey from 2017. Whilst 61.5% would activate their existing protection solution, only 7.7% would order a DDoS protection solution. 6.9% of organizations said that they would even pay the extortionist. Ironically, among the end customers, almost a fourth of the respondents say that a DDoS attack would cost their organization more than $1.000.000 and another 25% say an attack like this would cost their organization between $50.000 and $100.000. Overall, 27.8% of end customers say, they have not yet addressed the use of a DDoS protection solution. Interestingly, 17% of end customers also say that they do not feel adequately protected against hyper attacks of more than 100 Gbps with their current DDoS protection.
Another interesting trend that could be seen from the survey was that there are still more organizations relying on appliances (10.7%) than on cloud scrubbing (8%). In times, when more and more businesses move their operations or at least parts of their operations into the cloud, this is highly unreliable.
“The problem we see at Link11 is that still many security solution providers recommend their customers to implement on-premise solutions. There is a number of good reasons why a DDoS solution should be cloud-based. The most important reason however, is that the hardware approach is always reactive, meaning that in the case of an attack, there will always be latency as someone needs to make a decision. The problem is, that by the time a company went offline, the damage is already done. Many executives still don´t realize that the cost of an outage is far higher than just lost revenue. Think about the reputational damage. Brands are built over years but can be destroyed overnight,” says Marc Wilczek, Chief Operating Officer at Link11. “Nowadays, it is extremely important to automate these processes in order to enable real-time mitigation. The Link11 approach combines automation with Artificial Intelligence and Machine Learning. This way, we filter out malicious traffic even before it reaches its target. Our customers don´t even see the impact of an attack because it never reaches them,” Wilczek adds.
In conclusion, it becomes clear that there is a big need for education about the risk emerging from DDoS attacks. Cybercriminals become more and more sophisticated in the way they take down organizations. DDoS protection needs to be always one step ahead of the attackers. But more importantly, organizations need to understand the importance of a reliable DDoS protection solution first. The DDoS risk needs to be taken seriously as it is just a matter of time until an organization becomes the victim of a DDoS attack. Therefore, companies should implement a cloud-based solution that runs automated and leverages the latest technologies such as Artificial Intelligence.
