Shorter DDoS attacks are more difficult to mitigate in carrier or service provider network environments, according to a new report by Corero Network Security released on Monday. Short duration sub-saturating attacks are harder to shut down in these networks because of the way they mitigate attacks, using coarse sampling detection techniques and centralized scrubbing centers.
According to Corero’s Trends and Analysis Report for the first half of 2015, more than 95 percent of the attacks it fought lasted 30 minutes or less. Along with shorter attacks, the majority of the attacks Corero battled were less than 1 Gbps.
In the report, Corero noted that while DDoS attacks targeting its customers in the first three months of 2015 continued to average three attacks per day (consistent from the previous quarter), the daily attack volume increased in Q2 to an average of 4.5 attacks. The ease in purchasing and launching DDoS attack tools is one of the reasons Corero cites for this increase.
Corero is not the only company that reported an increase of DDoS attacks in the first half. A recent report by VeriSign found that there was 34 percent more DDoS attacks in the first half of of 2015 than in the first half of 2014.
“Attackers are continuing to leverage DDoS attacks as part of their cyber threat arsenal to either disrupt business operations or access sensitive corporate information, and they’re doing it in increasingly creative ways that circumvent traditional security solutions or nullify the previous effectiveness of scrubbing centers,” Corero Network Security CTO and Vice President, Product, Dave Larson said in a statement. “In order to effectively protect their networks, prevent disruptions to customer operations, and better protect against data theft and financial loss, companies need real-time visibility and mitigation of all DDoS attack traffic targeting their networks, regardless of size or duration.”
Larson was a recent guest on a WHIR: Cloud Talks podcast, where he discussed DDoS attacks and the impact they can have on customers.
Corero said that a significant majority of respondents rely on traditional security infrastructure products such as firewalls, intrusion prevention systems and load balancers. Around 75 percent of respondents said that they would like their ISP to provide additional security services in order to prevent DDoS traffic from entering their networks, and more than half indicate that they are interested in purchasing a premium service to prevent the same. This indicates a significant opportunity for hosting providers and ISPs in offering premium security services.
Of course, one of Corero’s motivators for releasing a DDoS report is to promote its own services. In June, hosting provider Hivelocity added Corero’s SmartWall Threat Defense System to its network defense infrastructure to block DDoS attacks.
The full report is available for download from Corero’s website.