Let's get started.
Choose your country to view contact details.
Call for Sales.
Or we'll call you.
Existing customers, sign in to your business account or explore other support options.
You will soon receive an email with a link to confirm your access, or follow the link below.
You may now close this message and continue to your article.
As Denial of Service continues to dominate our incidents, so do the capabilities of mitigation services. However, there has been a resurgence of low volume attacks that still cause issues to corporations.
Denial of Service attacks continue to be ubiquitous and have remained in the top spot of incidents for several years now.
Frequency | 6,248 incidents, 4 with confirmed data disclosure | |
Threat actors | External (100%) (incidents) |
As the name would imply, the Denial of Service pattern covers all of those attacks that try to keep you from streaming your next episode of “Below Deck,” watching your next TikTok movie or loading your timeline on Twitter.43 Sadly, all of this can obviously add up to the nuisance of having to acknowledge the real world and the people around us. We can all agree that would be terrible indeed.
However, as some of our readers may know, organizations still actually need the internet to be up and running in order to conduct business. Every year, DoS shows up as a huge volume of Incidents in our datasets, stemming from several different mitigation service partners, including Verizon’s own. They are all doing an excellent job in preventing those Incidents from having any significant impact on organizations. In that light, even though the Denial of Service pattern has consistently taken the top spot in Incidents for the last several years (Figure 44), there is really not a lot of nuance to be discussed here, apart from our usual suggestion to invest in some sort of mitigation service if you care about the continued availability of your network presence on the internet. This is not due to a lack of nuance in the DDoS dataset overall but more a reflection of a lack of the typical details that we traditionally analyze such as Actors, Assets and Attributes.
Even so, it didn’t feel right to deny our readers a Denial of Service section, as there are still important trends and information that are necessary to be reviewed. It’s important to realize they’re still there, even if you can easily solve them. Also, it is a respite to not have to write about Ransomware for a couple of pages.
One important point we should touch on is the growth of median and above median percentiles in bits per second of DDoS attacks (see Figure 45).44 The median grew a whopping 57%45 from 1.4 gigabytes per second (Gbps) last year to 2.2 Gbps now, and the 97.5 percentile grew 25% from 99 Gbps to 124 Gbps. This is to be expected as costs of bandwidth and CPU processing become more accessible and available and suggests a trend that is hard to break on escalating competition between the attackers and mitigating services. Just make sure your contracted service can clear that bar, and most of the impact will likely be absorbed. Let the machines fight it out Transformers-style and crack open a cold beverage while you worry about all the other attack patterns afflicting your corporation.
Even as the volume of garbage in our networks grows, some attacks have a more subtle touch. A point of attention that some of our partners brought to us was the growth of distributed DNS Water Torture46 attacks in, you guessed it, shared DNS infrastructure. It is basically a resource exhaustion attack done by querying random name prefixes on the DNS cache server so it always misses and forwards it to the authoritative server. It is quite silly when you think of it, but it can be a heavy burden with some simple coordination by the threat actors’-controlled devices. Make sure to check on your DNS infrastructure resiliency and check for options with your mitigation service as well to make sure you are protected against these attacks too.
43 Not sure if we can blame our usual threat actors for this one.
44 Be sure to discuss this at parties. You’ll be wildly popular.
45 I bet you thought our inflation numbers in the U.S. were bad, huh?
46 This is NOT a subtle name!
Choose your country to view contact details.
Existing customers, sign in to your business account or explore other support options.