DDoS Attacks in 2017: No Days Off

As New England Patriots coach Bill Belichick famously said at one of the team’s Super Bowl parades, (can’t remember which one, hard to keep track:))


This is a nice summation of the current DDoS attack landscape. No days off.

Arbor Networks ATLAS® is a collaborative project between Arbor Networks, the security division of NETSCOUT, and 400 service provider customers who have agreed to share anonymous traffic data with us. ATLAS delivers a truly comprehensive view into internet traffic, trends and threats. From this unique vantage point, Arbor is ideally positioned to deliver intelligence about botnets, DDoS attacks and malware that threaten internet infrastructure and network availability.

The data shows DDoS attacks are ubiquitous.

  • 6.9 million DDoS attacks through October 31.
  • 22,622 attacks per day.

Only a few years ago, DDoS attacks targeted certain industries, gaming and finance being at the top of the list. What’s changed is the consistent drumbeat of attacks. Today, they are pervasive, impacting businesses of all sizes, across all industries and geographies.

The driver for this remains the ready availability of free attack tools that can turn anyone with an internet connection and a grudge into a DDoS attacker. The bull market in DDoS attack services is also a significant factor. For hire services, known as booster/stressers, use botnets, IoT or traditional, to launch attacks at specific targets for specific prices. It is a buyer’s market, with plenty of services offering a wide range of capabilities, even ‘try before you buy’ and service level agreements.

According to Arbor’s 12th annual Worldwide Infrastructure Security Report (WISR) the average cost of downtime to the victim of a DDoS attack is around $500 per minute. Arbor research into a Russian-based DDoS for hire service showed the mean cost to the attacker is only $66 per attack. An even more startling reminder of how profitable these services are happened last year when two teenagers were arrested for running a for-hire DDoS attack service. Brian Krebs reported that the teens,

“earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline.”

What’s important to understand from a defensive standpoint is that these are not all high-volume attacks. The real action is happening on-premise.


  • 25% of DDoS attacks targeting the Enterprise go after Layer-7 applications. That’s 2 million attacks annually.


  • 70% reported attacks target infrastructure (firewalls, IPS), up from 56 percent last year, making it the most popular target. Nearly half reported firewalls or IPS devices experience a failure or contribute to an outage during an attack.


  • 41% reported attacks that combine multiple attack techniques concurrently, aimed at the same target, to increase both the mitigation complexity and attacker’s chance for success.

Source: Arbor’s 12th annual Worldwide Infrastructure Security Report

That’s what the DDoS landscape looks like right now. It’s relentless. It’s increasingly agile and complex and it is heavily tilted in favor of the attacker when they find an unprepared target.

For these reasons, and more, Arbor is a strong proponent of hybrid, or multi-layer DDoS defense. Integrating on-premise and cloud-based mitigation is the only way to be protected from the modern DDoS attack. Cloud mitigation alone is not suited for attacks targeting applications and infrastructure, while on-premise can only handle so much traffic before it needs back-up from the cloud.

To gain more insight into the global threat landscape, and what leading organizations are doing to protect themselves, download Arbor’s 12th annual Worldwide Infrastructure Security Report (WISR)

  • Posted in DDoS
  • Comments Off on DDoS Attacks in 2017: No Days Off