Small-scale DDoS Attacks On The Rise – Neustar

A new report from information services provider Neustar, has found a significant rise in the number of small-scale DDoS attacks.

The surprising development was revealed in the Neustar Q2’19 Cyber Threats and Trends report, which found that under the radar’ DDoS attacks have increased by 158 percent in the second quarter of this year, compared to the same time last year.

In June Telegram was knocked offline by a massive DDoS (distributed denial of service) attack, which the CEO of the app at the time blamed on China, which he said was trying to disrupt the street protests in Hong Kong.

Small-scale DDoS

The Neustar report from its Security Operations Centre (SOC), revealed that between April and June of this year, 75 percent of all attacks mitigated by Neustar were 5 Gigabits per second (Gbps) or less.

But at the same time it found that large attacks (100 Gbps and over) decreased by 64 percent.

Neustar said that the longest duration for a single incursion lasted up to two days, which meant these small attacks pose a significant threat to the enterprise, falling below the typical threshold that enterprises with a “detect and alert” DDoS mitigation strategy might employ.

“An attacker could therefore affect targets ranging from infrastructure to individual servers with relative impunity,” said the firm.

And the ability of companies to identify when they are being attacked is a worry.

When asked how likely they would be to notice today’s most prevalent smaller attacks, a staggering 72 percent of CTOs, CISOs and Directors of Security answered very unlikely, somewhat unlikely or somewhat likely.

The remaining 28 percent of respondents felt it was very likely that they would notice a small-scale DDoS attack.

“With the rise of smaller DDoS attacks going under the radar, now is the time for organisations to deploy an ‘always on’ DDoS mitigation service that is constantly monitoring traffic to ensure threats of all sizes are detected, managed and diffused,” said Rodney Joffe, senior VP at Neustar.

Risk register

“Now, with most of today’s attacks directed at specific services, gateways and applications – therefore requiring less traffic to bring it down – a greater level of understanding from businesses to determine the protection they need is essential,” Joffe added.

“The first stage of this is to determine what is valuable, not what is vulnerable,” he added. “One of the best ways to separate vulnerability from value is to create a ‘risk register’ that starts from the inside and focuses on your most critical business assets.”

In 2017 research from Kaspersky Lab found that 43 percent of businesses who had fallen victim to a DDoS attack believed their competitors were behind it, while just 38 percent considered cyber criminals the more likely suspects.

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago