The volumes of DDoS attacks have remained consistently high and these attacks cause real damage to organizations, according to a report from Neustar.
The global response also affirms the prevalent use of DDoS attacks to distract as “smokescreens” in concert with other malicious activities that result in additional compromise, such as viruses and ransomware.
Neustar collected responses from more than 1,000 information security professionals, including CISOs, CSOs and CTOs across North America, Europe, and the Middle East (EMEA), and Asia-Pacific (APAC), to determine how DDoS attacks are impacting their organization and how they are mitigating the threat.
Key findings show that the overwhelming majority of surveyed firms in APAC (77%) suffered a DDoS attack, and 85% of attacked firms were attacked more than once while 45% were attacked six or more times.
Also, the majority of firms that suffered a DDoS attack (53%) also experienced some form of additional compromise. In APAC, 48% of breached organizations discovered a virus, malware was activated at 37% of breached organizations, and ransomware was encountered at 16% of breached organizations.
Further, it can take hours to detect and mitigate a DDoS attack at significant cost to the organization. Among respondnets in APAC, 81% took an hour or more to detect a DDoS attack and 72% took an additional hour or more to respond to the attack.
Globally, 49% of surveyed organizations would lose $100,000 or more per hour of downtime during these attacks.
Additionally, the overwhelming majority of firms (76%) are investing more in DDoS protection than they were a year ago. The majority of respondents (53%) are using traditional firewalls, 47% are using a cloud service provider and 36% are using an on-premise DDoS appliance combined with a DDoS mitigation service (hybrid solution).
“As proof of the increasing threat and destructive nature of DDoS attacks, the industry has recently seen an incredibly complex, hacked IOT device-driven DDoS attack that surpassed 620 Gbps, lasted for multiple days, and crippled a high-visibility website,” said Tom Pageler, chief security and risk officer of Neustar.