DDoS attacks are continuing to evolve and the last 12 months has seen huge growth in the number and size of the attacks going on in New Zealand.
When we couple this with businesses’ increasing reliance on Internet connectivity, for either revenue or access to cloud based data and applications; protection from the DDoS threat should be a top priority.
Looking back at 2014, attackers seem to have refocused on using large traffic floods, known as volumetric attacks, to effectively cut their targets off from the Internet.
Volumetric attacks have always been the most common attack type, but in the last year the scale of the problem has changed.
How the Attack Landscape has Changed in New Zealand and Globally
The use of stealth methods of attack including reflection/amplification techniques to launch massive attacks has increased.
The largest reported attack globally in 2014, according to Arbor Networks’ tenth annual Worldwide Infrastructure Security Report was 400Gbps.
Other large reported events were 300, 200 and 170Gbps and there were several more over the 100Gbps threshold.
Ten years ago, the largest attack was just eight Gbps; the problem has grown significantly for businesses.
Multi-vector and application-layer DDoS attacks are becoming very commonplace, in Arbor’s Infrastructure Security Report, 90 per cent of respondents reported application-layer attacks and 42 per cent experienced multi-vector attacks that combine volumetric, application-layer and state exhaustion techniques within a single sustained attack.
DDoS attack frequency is also on the rise. In 2013, just over a quarter of respondents indicated they had seen more than 21 attacks per month; in 2014, that percentage doubled to 42 per cent.
How does this Affect New Zealand Businesses?
DDoS and advanced threats are increasingly common: Nearly half of respondents saw DDoS attacks during the survey period, with almost 40 per cent of those seeing their Internet connectivity saturated.
Firewalls and IPS devices continue to be targets for attackers and over one third of organisations had Firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.
Data Centres and the Cloud are Attack Major Targets
Cloud services are a bull’s-eye for attackers, and over one quarter of respondents indicated that they had seen attacks targeting cloud services.
Security incidents are up, but New Zealand organisations are not fully prepared to respond: Just over one third of respondents indicated an increase in security incidents this year, with about half indicating similar levels to last year.