What is the impact of DDoS attacks on businesses?

Digital transformation across the globe is meaning that in turn, the threat landscape is expanding, leading to more cyber attacks. 

Cyber attacks occur when cybercriminals try to gain illegal access to data stored on a computer or a network. The intent might be to inflict reputational damage or harm to a business or person, or theft of valuable data. Cyberattacks can target individuals, groups, organizations, or governments.

Cybersecurity Ventures expects global cybercrime costs to grow by 15% per year over the next five years, reaching US$10.5tn annually by 2025, up from US$3tn in 2015. 

Coming in a variety of different forms, cybercriminals use many different methods to launch a cyber attack. We take a look at distributed denial-of-service (DDoS) and how they are impacting businesses. 

What is a DDoS attack?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.

DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices.

DDoS attacks have the capability to bring services offline for periods of time ranging from just a few seconds to weeks in the most disruptive scenarios. 

Larger and more complex DDoS attacks

New analysis from F5 has found that DDoS attacks decreased slightly in 2021 but are becoming larger and more complex in nature.

Data collected from F5 Silverline – a cloud-based managed services platform detecting and mitigating DDoS attacks in real-time – showed a 3% year-on-year decline in the overall volume of attacks recorded in 2021. However, while volume may have declined, the severity of attacks ramped up markedly over the course of the year.

By Q4 2021, the mean attack size recorded was above 21 Gbps, more than four times the level from the beginning of 2020. Last year also saw the record for the largest-ever attack broken on multiple occasions.

“The volume of DDoS attacks has fluctuated by quarter, but the unmistakable trend is that these attacks are getting larger,” said David Warburton, Director of F5 Labs.

“While the peak size of attack remained steady throughout 2020, last year we saw it climb consistently. This includes Silverline DDoS Protection tackling several attacks that were successively the largest we had ever seen by an order of magnitude.”

Targeted industries 

Banking, financial services and insurance (BFSI) was the industry most targeted by DDoS attacks in 2021, subjected to more than a quarter of the total volume. Technology, the most targeted sector of 2020, fell into fourth place behind telecommunications and education. 

Between them, these four industries accounted for 75% of all recorded attacks, with a long tail of others including energy, retail, healthcare, transportation and legal that saw hardly any adverse activity.

“Even though the number of attacks tapered off slightly in 2021, the DDoS problem is by no means abating,” said Warburton. “Both the size and complexity of these attacks are increasing, demanding a more agile and multi-faceted response from defenders.

“As the sophistication and variety of DDoS attacks increases, organisations will find themselves using a wide variety of measures to protect against them, including upstream controls to inspect and limit the traffic reaching endpoints, and managed service providers who can work alongside internal security teams both to prevent attacks and move quickly to mitigate those in progress.”