DDoS attacks costs enterprise £100,000 per hour, study finds

DDoS attacks are not only a disruption but can also cost businesses dearly, according to Neustar research.
Written by Charlie Osborne, Contributing Writer

DDoS attacks are on the rise and the enterprise is paying up to £100,000 per hour during cyberattacks, according to new research.

Distributed denial-of-service (DDoS) attacks attempt to shut down online services by overwhelming services with too much traffic, and remain a popular method for hacktivism -- such as the Anonymous attack on the US State of Indiana website in response to a controversial bill -- as well as a means of distraction while sophisticated network intrusion takes place.

Not only can services be disrupted, networks closed and customers inconvenienced, a DDoS attack can prove to be extremely expensive for corporate victims.

Neustar's latest annual DDoS research, dubbed the DDoS Attacks & Impact Report, suggests that 40 percent of businesses estimate an hourly loss of over £100,000 at peak times during DDoS-based outages -- a 470 percent rise from Neustar's last annual survey in 2014.

In a survey of IT professionals spanning 250 companies in the United Kingdom and throughout the EMEA region across industries including financial services, technology, retail, government & public sector, health care, energy & utility and media, the company discovered that multiple attacks are also becoming more prevalent. DDoS attacks are lasting longer than those recorded in 2014, with over a third of attacks hitting business operations for over 24 hours.

In addition, the cloud information services and data analytics says 52 percent of firms which have experienced a DDoS attack also find themselves victims of theft. In total, the amount of corporations reporting the loss of customer data, intellectual property or funds during a DDoS attack has increased by 24 percent in comparison to last year.

Rodney Joffe, Senior Vice President and Technology Fellow at Neustar commented:

"Businesses need to become more strategic in their approach to fighting these attacks. The use of website stressor services such as Lizard Squad, which lets anyone take down a website for as little as six dollars a month, has become a major source of irritant attacks, with the sizes jumping during 2014."

In December last year, Lizard Squad began offering a $5.99 a month DDoS attack tool called Lizard Stresser. Available in different packages -- including a lifetime option -- the tool provides access to relays for individuals to launch DDoS campaigns against websites.

As launching DDoS attacks no longer require technical expertise and can be completed cheaply, we are likely to continue seeing a rise in these kinds of attack methods.

According to the report, 84 percent of businesses surveyed employ up to 10 specialists to mitigate DDoS attacks as they occur -- but as in many cases, DDoS campaigns are a distraction which opens the doors for malware or virus installation while eyes are turned away.

"The online community needs to develop industry-based mitigation technologies that incorporate mechanisms to distribute attack source information into ISPs, so they can squelch the attacks closer to the source. It needs to improve visibility and understanding of activities in the criminal underground, so their command and control structures can be disabled rapidly. Finally, it's important to improve attribution and law enforcement actions to identify perpetrators and bring them to justice," Joffe added.

This week, popular US coding website GitHub, used by businesses and developers to develop and share new digital tools, admitted it has been under a large-scale DDoS attack since Thursday last week. The DDoS attack is aimed at particular content including anticensorship tools and copies of websites banned in China, and the country has yet to deny involvement.

Interested? GitHub suffers 'largest DDoS' attack in site's history

Read on: In the world of security

Read on: Fixes and Flaws

Editorial standards