Distributed Denial of Service (DDoS) attacks are a common method used by hackers to try to take down a website. By inundating the site with traffic from multiple sources, the goal is to overwhelm the web server until it crashes or is forced to shut down. DDoS attacks can hit any organization large or small.
But certain industries and types of businesses are more heavily targeted, according to a report from Imperva. Most DDoS attacks in 2019 were directed toward companies in the gaming and gambling sectors, the report found.
SEE: Cheat sheet: Distributed denial of service (DDoS) attacks (free PDF) (TechRepublic)
Released on Wednesday, Imperva’s annual Global DDoS Threat Landscape Report looks at the greater scale, effective strategies, and higher frequency of DDoS attacks.
In 2019, most of the DDoS attacks observed by Imperva were smaller than in the past. Around 25% lasted less than 10 minutes and 15% less than 30 minutes. Only around 5% lasted more than 24 hours. The small duration could be explained by the need to do as much damage as possible before DDoS protection was able to kick in.
The size of DDoS attacks are measured with two different factors: 1) Millions of packets per second (Mpps) measures the forwarding rate, or the rate at which packets are delivered; 2) Gigabits per second (Gbps) measures the throughout, or the total load on a network.
One attack hit as high as 580 Mpps and 680 Gbps. A small percentage went up to 200+ Mpps and 300+ Gbps. But the overwhelming majority of them were less than 50 Mpps and 50 Gbps. That small amount may be the result of DDoS-for-hire services, which often sell unlimited quick and small attacks, according to Imperva.
Yet the attacks also were more persistent. A full two-thirds of the targets were hit up to five times, while a quarter of them were attacked 10 or more times. Typically a hacker doesn’t repeat an unsuccessful DDoS attack. But targets that have high profiles may get hit multiple times through different attack methods before the hacker eventually gives up.
UDP (User Data Protocol) was the most popular attack vector last year, used in 36% of the attacks analyzed by Imperva. UDP is popular among DDoS attackers because it’s easy to spoof and is used in almost all DNS amplification attacks, which exploit vulnerabilities in domain name system (DNS) servers. Beyond UDP, other common attack vectors were SYN Flood, DNS Response, TCP, and NTP.
Overall, large organizations are more likely to be the targets of persistent DDoS attacks, which are often conducted by competitors or extortionists.
Gaming and gambling are highly competitive industries that involve an element of risk and in which players don’t necessarily follow the rules. Almost 36% of the attacks were launched against gaming companies, while 31% hit gambling sites.
Companies in the computing and internet sectors came in third as the recipients of 36% of the DDoS attacks launched in 2019. Internet service providers, web hosts, and domain providers are often the victims of attacks because of their high value. Particularly susceptible to DDoS attacks are sites that host high-risk businesses such as gaming and gambling companies and crypto-currency traders, according to Imperva.
Further, the adult industry was the most attacked sector in 2019 by a wide margin. Every adult-oriented website tracked by Imperva during the year was hit by an average of 84 attacks between May and December, totaling around 10.5 attacks per site each month.
Finally, there are additional reasons some industries are targeted more than others.
- Business competition. In competitive industries, such as gambling, a DDoS attack can be used to take down a rival’s website.
- Extortion. Certain industries, such as e-commerce, are dependent on their online presence and are easy prey for perpetrators extorting money in exchange for keeping a specific website online.
- Hacktivism. Hacktivists typically target political, media, or corporate websites to protest their actions.
- Vandalism. Cyber vandals, typically disgruntled users or random offenders, often attack gaming services or other high-profile targets.