How to fight back against rising DDoS attacks

By Tema Hassan, Senior Product Manager at Zayo Europe.

  • Wednesday, 31st July 2024 Posted 3 months ago in by Phil Alsop

One of the most common cyber threats, DDoS (Distributed Denial of Service) attacks target an organisation's online presence by flooding its Internet service with traffic, preventing user access. These attacks can completely shut down a business’s Internet connectivity and often serve as a smokescreen for more malicious incursions, such as ransomware. 

You only have to look at the data to understand the scope of the problem at hand. Our findings reveal a significant increase in the intensity of DDoS attacks and their impact on businesses in the second half of 2023. The average DDoS attack lasted 68 minutes, with unprotected organisations facing a staggering cost of £4,700 per minute. This translates to an average of £325,000 per attack, highlighting the severe financial implications of these attacks. 

The escalation is particularly evident in the surge in the duration of these attacks. From Q1 to Q4 of 2023, the average length of attacks increased by more than 400%, rising from 24 minutes to 121 minutes. This trend signals growing concerns from both security and cost perspectives. 

Telecoms hit the hardest

Our data also revealed the telecommunications sector as the primary target, accounting for nearly half (49%) of all DDoS attacks in 2023. The severity of attacks on telecoms grew substantially, with the average duration jumping 104% to 33 minutes per attack from Q1 to Q4. The second half of 2023 witnessed an alarming 13,000 attacks on this industry. These findings demonstrate the urgent need for robust cybersecurity measures across all sectors, but particularly in telecommunications.

Why are DDoS attacks intensifying? 

DDoS attacks are increasing for several reasons, one of which, AI, is a double-edged sword. On the one hand, criminals are using AI to enhance the sophistication of their attacks and circumvent traditional defence mechanisms. On the other hand, mitigation platforms can use AI to dynamically identify and defend against new and emerging threats. As DDoS remains a profitable model for cybercriminals, attacks will continue to be a brutal inevitability for businesses.

Political tensions are also seemingly contributing to the rise in DDoS attacks. State actors and political activists often use these attacks to make statements or signal intentions. For instance, Imperva's new DDoS report found notable surges in DDoS attacks in Ukraine (519%), Israel (118%), and China (84%).

What should businesses be doing to protect themselves?

While it’s not possible to stop criminals from targeting businesses with DDoS attacks, it is possible to reduce the duration of an attack to the point where it is nearly imperceptible with an automated redirect of traffic to a system known as a ‘DDoS scrubber’. These DDoS scrubbers ensure that only legitimate traffic passes through.

No matter how long or how severe the attack is, a business that takes this zero-tolerance approach will be properly defended. The attack could last for hours - much like those experienced by governments - but the automated DDoS protection will frustrate the attackers as their efforts will have limited impact. 

A robust network infrastructure is also crucial for telecoms to combat DDoS attacks effectively. With increased traffic from 5G, AI, and other technological advancements, threat detection becomes more critical. Organisations need agile and modern networks as the backbone for connectivity and security. Telecoms must adopt these modern, flexible networks and phase out legacy and outdated technologies that create vulnerabilities. Without a flexible, up-to-date infrastructure, effective security becomes impossible.

Act before it’s too late

As the data highlights, cybercrime is on the rise and that is unlikely to change any time soon. There are sectors that are under threat more than others - manufacturing, telcos and cloud providers for example - but DDoS attacks can and will impact any digital business.

Any business that holds potentially sensitive data about customers or clients could find themselves being targeted, even in the relative infancy of its digital journey. But waiting to find out if you’ll be targeted, is like leaving the key in your front door at night. Businesses must be proactive and take the necessary steps to protect the organisation, the employees and clients. Otherwise, there’s a risk that they’ll find out just how impactful DDoS attacks can be the hard way.

By Kashif Nazir, Technical Manager at Cloudhouse.
By Terry Storrar, Managing Director at Leaseweb UK.
By Manuel Sanchez, Information Security and Compliance Specialist, iManage.
By Peter Hayles, Product Marketing Manager at Western Digital.
By Richard Eglon, CMO, Nebula Global Services.
Anita Mavridis, VP of Product at Zivver, and Sue Musumeci, Director of Quality & Clinical Informatics at Chronic Care Staffing, explore practical...
By Graham Jarvis, Freelance Business and Technology Journalist, Lead Journalist – Business and Technology, Trudy Darwin Communications.
By Krishna Sai, Senior VP of Technology and Engineering.