New research from data security solutions vendor Imperva sheds new light into directed denial of service (DDoS) attacks against businesses, showing not only are attack volumes increasing – attacks are lasting longer as well.
While most DDoS threat research has focused on how attacks are becoming increasingly sophisticated and frequent, Impevra sought to examine attack duration and frequency to better understand the business implications of DDoS attacks.
According to Imperva’s research, the average unmitigated attack can cost a business US$40,000 per hour, with implications beyond lost business opportunities. An attack can lead to loss of consumer trust, data theft, and even intellectual property theft. And with the growing length of attacks, those costs can really add up.
The report looked at two kinds of attacks: network layer attacks and application layer attacks. It found the largest network layer attacks peak at 253Gbps and last for up to 64 days, while 20.4 per cent of all attacks last for over five days. The largest application layer attacks peak at 179,712 RPS and last up to eight days, and on average targets were hit every 10 days.
“What is most disconcerting is that many of these smaller assaults are launched from botnets-for-hire for just tens of dollars a month,” said Imperva, in the report. “This disproportion between attack cost and damage potential is the driving force behind DDoS intrusions for extortion and vandalism purposes.”