Hackers are increasingly turning to distributed denial-of-service (DDoS) attacks to take companies offline or steal their sensitive data, according to a new report from Corero Network Security.
In Q3 2017, organizations experienced an average of 237 DDoS attack attempts per month—or eight per day, the report found. These numbers represent a 35% increase in monthly attack attempts from Q2, and a whopping 91% increase from Q1.
Why the massive rise? Researchers believe that the reason is twofold: The growing availability in DDoS-for-hire services, and the implementation of many unsecured Internet of Things (IoT) devices.
DDoS-for-hire services have lowered the barriers of entry for criminals to carry out these attacks, in terms of both technical ability and cost, Ashley Stephenson, CEO of Corero, said in a press release. Now, almost anyone can systematically attack and attempt to take down a company for less than $100.
SEE: Network security policy (Tech Pro Research)
And in terms of IoT risks, earlier this year the Reaper botnet targeted known vulnerabilities in IoT devices and hijacked them, including internet-connected webcams, security cameras, and digital video recorders. Each time a device is infected, the device spreads the malware to other vulnerable devices, expanding its reach.
"Cyber criminals try to harness more and more Internet-connected devices to build ever larger botnets," Stephenson said in the release. "The potential scale and power of IoT botnets has the ability to create Internet chaos and dire results for target victims."
Ransom Denial of Service (RDoS) attacks also returned in Q3 2017, the report found, as this method allows cybercriminals to extort money from their victims. In these attacks, the criminal will typically send a message to the victim demanding a ransom, often ranging from five to 200 bitcoins, according to a recent Kaspersky Lab report. If the victim refuses to pay, the attackers threaten to organize a DDoS attack on one of the victim's important online resources.
In June, hacker group Armada Collective carried out a large-scale RDoS attack and demanded $315,000 from seven banks in South Korea, Kaspersky Lab found. And a new wave of these threats from hacker group Phantom Squad rolled out in September, targeting companies across the US, Europe, and Asia.
"As IoT botnets continue to rise, we may soon see hackers put on more dramatic RDoS displays to demonstrate the strength of their cyber firepower, so that their future demands for ransom will have to be taken more seriously," Stephenson said. "Paying the ransom is rarely the best defence, as it just encourages these demands to spread like wildfire."
For tips on how to fight cyberthreats like these, click here.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- In Q3 2017, organizations experienced an average of 237 DDoS attack attempts per month, equal to eight per day. -Corero Network Security, 2017
- In Q3 2017, monthly DDoS attack attempts increased 35% over Q2, and 91% over Q1. -Corero Network Security, 2017
- The growing availability in DDoS-for-hire services and the proliferation of unsecured Internet of Things (IoT) devices has led to the increase in DDoS attacks in 2017. -Corero Network Security, 2017
- Why ex-employees may be your company's biggest cyberthreat (TechRepublic)
- Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (TechRepublic)
- How to make your employees care about cybersecurity: 10 tips (TechRepublic)
- Mobile security is really about risk and identity management (ZDNet)
- Password Policy [download] (Tech Pro Research)
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.