DDoS (Distributed Denial of Service) attacks are making headlines almost every day. 2021 saw a 434% upsurge in DDoS attacks, 5.5 times higher than 2020. Q3 2021 saw a 24% increase in the number of DDoS attacks in comparison to Q3 2020.
Advanced DDoS attacks that are typically targeted, known as smart attacks, rose by 31% in the same period. Further, 73% of DDoS attacks in Q3 2021 were multi-vector attacks that combined multiple techniques to attack the targeted systems. The largest percentage of DDoS targets (40.8%) was in the US Banks, and financial institutions were the biggest DDoS and DoS attack targets in the past couple of years.
Does this mean businesses and organizations that aren’t in the banking and financial services sector are safe from DDoS attacks? Most definitely not! Every business is a potential DDoS target. Read on to know why and what measures to take to keep your business effectively protected.
Common DDoS Targets
Even though every business can be targeted by attackers, some industries and businesses are more highly targeted. As mentioned earlier, banks and financial institutions were the biggest DDoS targets in 2021. Other commonly targeted industries are:
- Educational institutions
- Wired telecommunication carriers
- Online gaming and gambling
- Wireless telecom carriers
- Governments and their agencies
- ISP, hosting, and related services
- Remote learning companies
- Technology companies, especially with the rise in telecommuting
It is also critical to note that SMEs are targeted as much by threat actors as large businesses and corporates. It is a common misconception among SMEs that they will not be targeted and take a lax approach towards DDoS mitigation. Attackers take advantage of this laid-back approach to orchestrate DDoS attacks against SMEs.
4 Reasons Why Every Business is a Potential Target
1 — Lackadaisical Approach to DDoS Prevention and Security
Despite the advent of technology, several businesses continue to use traditional tools such as legacy firewalls and dated methods such as signature-based traffic monitoring to protect against DDoS. The attacks today are more sophisticated than ever, and traditional security measures do not suffice. Even attacks that last for a few minutes brings significant financial and reputational damage.
It is also critical to note that SMEs are targeted by threat actors as much as large businesses and corporate houses. As attacks against larger corporations tend to make the headlines, it is a common misconception among SMEs that they will not be targeted. So, they tend to take a lax approach towards DDoS mitigation. Attackers take advantage of this laid-back approach to orchestrate DDoS attacks against SMEs.
2 — Growing Attack Surface
The pandemic has significantly accelerated digitization among all kinds of organizations, including government, non-profits, and SMEs. Further, the use of BYOT devices remotely from shared (often insecure) networks has shot up. As the result, every organization has a widening attack surface and an increased risk of DDoS threats. The problem is exacerbated when organizations do not understand the importance of DDoS protection and rely on generic solutions and default solutions provided by the hosting/ ISP/ cloud service provider.
3 — DDoS Attacks are Easy and Economical to Orchestrate
A large percentage of DDoS attacks in the past few years have lasted for less than 4 hours. Even though the attacks lasted for a shorter duration, their intensity, frequency, and severity have increased manifold. Today, sophisticated, multi-vector, and smart DDoS attacks are easy and cost-effective to orchestrate more than ever owing to the following reasons:
- Technological advances
- Easy availability of malware tools and botnets
- Availability of DDoS-as-a-service and hacking-as-a-service
So, attackers can launch attacks with almost zero effort. Further, the financial benefits of DDoS attacks are high, making them lucrative for attackers.
4 — Potent Tool for Competitors and Disgruntled Employees
Websites that keep crashing or have frequent downtimes (often caused by DDoS attacks) or have their webpages vandalized lose their search engine rankings and reputation. So, competitors and even disgruntled employees often use DDoS as a tactic to erode your search engine rankings and bring about significant reputational damage.
images from Hacker News