Security Experts:

Connect with us

Hi, what are you looking for?



DDoS Attacks Boom as Hackers Increase Size, Frequency

Distributed denial-of-service (DDoS) attacks are growing in both size and frequency, challenging organizations to keep up, according to a new report from Arbor Networks.

Distributed denial-of-service (DDoS) attacks are growing in both size and frequency, challenging organizations to keep up, according to a new report from Arbor Networks.

According the firm’s 10th Annual Worldwide Infrastructure Security Report, organizations of all types and sizes faced disruptive DDoS threats to their business. The report included responses from 287 organizations, and covered the period from November 2013 to November 2014.

According to the findings, the most frequently observed threats on enterprise networks were DDoS attacks, accidental data loss and botted or otherwise compromised hosts, all of which garnered around a third of respondents. Nearly half of all enterprises in the report were hit with DDoS attacks during the survey period, with almost 40 percent of those seeing their Internet connectivity saturated. In addition, more than one-third of these organizations had firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.

IPS devices and firewalls were also hit at other types of organizations as well. For example, among data center operators, nearly half reported their firewalls experienced or contributed towards an outage due to DDoS – up from 42 percent last year. Load balancers also experienced issues, with more than a third of respondents seeing these fail as well due to DDoS.

“It’s difficult to say exactly how often the firewalls and IPS are the targets but we do know that they often fail,” said Gary Sockrider, solutions architect for the Americas for Arbor Networks. “According to our survey this year 35 percent of enterprise respondents indicated their firewall or IPS failed or contributed to an outage due to an attack. This is another example of attack technique evolution. In this case, attacks are crafted to exhaust state tables. Since these security appliances typically maintain state tables for traffic passing through them they can become the victim before the attack even reaches the target.”

The impact of DDoS on businesses can be significant, with 49 percent citing operational expenses and 37 percent reputation damage as the top business impacts among enterprises. Overall, the number of attacks appears to have gone up. In 2013, just over one quarter of respondents said they had seen more than 21 attacks per month. In 2014, that percentage stood at 38 percent. The largest reported attacks ranged from 400 Gbps through 300Gbps, 200Gbps and 170 Gbps.

Ninety percent of respondents admitted seeing application-layer attacks, and two-thirds of attacks are volumetric. Forty-two percent of respondents experienced multi-vector attacks that combined volumetric, application-layer and state exhaustion techniques within a single sustained attack. 

“Volumetric attacks are the oldest and original type of denial of service attack,” Sockrider said. “Simply put, attackers send extremely high volumes of packets at an incredibly fast rate to completely overwhelm the Internet infrastructure connecting the victim to the global network. Think of it like a road leading out of town during an emergency evacuation. So many cars get on the road at once that traffic comes completely to a halt.”

“The reason to combine different attack vectors is simply a matter of stealth and complexity,” he explained. “Volumetric packet floods are brute force attacks like a sledge hammer. Application layer attacks are low and slow stealth attacks that are harder to detect. State exhaustion attacks can affect a broad range of infrastructure so they’re the Swiss army knife. By combining these, the attack has a much better chance of success for longer periods because a defender has to find and mitigate all of them to restore availability.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Application Security

A CSRF vulnerability in the source control management (SCM) service Kudu could be exploited to achieve remote code execution in multiple Azure services.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.