According to the Corero Network Security’s report, the first quarter of 2017 has seen a big increase in DDoS attacks. However, they say that these attacks aren’t the real problem. Instead, smaller attacks might be much more meaningful, since they might be distracting security researchers from noticing malware activities. And there’s even a theory that much bigger attacks might be on their way, and that the smaller attacks are only setting the stage for it.
Corero as a specialist when it comes to DDoS attacks, and they’ve just issued a report concerning the fourth quarter of 2016, as well as the first quarter of 2017. They suggest that these smaller attacks are just small enough to not be taken seriously and just meaningful enough to weaken the systems’ defenses for the big attack. The company even warns that most of the mitigation tools won’t even respond to certain smaller attacks, especially if they’re less than 1Gbps in size and under 10 minutes when it comes to their duration.
Corero’s CEO, Ashley Stephenson, has stated that these attacks are disruptive and that they can knock a system’s firewall offline, or even disable the intrusion prevention system. In other words, their effects will be felt if a bigger attack follows, but their attack won’t be seen as too alarming. The main thing is that they are bad enough and that they might open a way to hackers that can use the small hole in the system’s defenses to install a malware, or even steal some of the data. It’s even possible that the hackers only want to test the system’s defenses and collect info about it for future need.
The problem is that, even if these small DDoS attacks do get detected, the network’s administration might be too busy with the other problems, and not realize in time that the bigger threat lies behind the small attacks. Such situation was witnessed back in 2015 when the UK telecom called TalkTalk was robbed of customer data by hackers that used DDoS attacks as a distraction.
Stephenson also says that most short DDoS attacks might be considered harmless since the downtime periods don’t last. However, ignoring them is the same as leaving the defenses down, and inviting hackers to send you a malware or ransomware attack. She also says that the primary method of these attacks is deception and that the attacks that seem harmless and small might end up being the real threat.
Corero’s report also mentioned that 80% of DDoS attacks that attacked their customers in the first quarter of 2017 belonged to the small attacks (under 1Gbps). Also, 71% of them lasted less than 10 minutes, which puts them in the group of short attacks that would usually be left alone. Similar percentages were also recorded in the final quarter of 2016.
On the other hand, when it comes to bigger attacks, their number increased for entire 55% in this quarter, as opposed to the previous one.