Low-Volume DDoS Attacks: Size Doesn’t Always Matter

DDoS attacks, of any volume, are one of the most prominent cyber threats these days because they are fairly simple to execute. Many published reports and articles document the growing trend of DDoS attacks, with the prediction that this year will see a record of over 15 million DDoS attacks launched.

Because DDoS-as-a-service can cost as little as $500, it’s easier for attackers to launch malicious attacks of varying complexity to shut down the online services of organizations, regardless of industry. 5% of organizations that suffered DDoS attacks lost more than $1 million due to the attack, either in direct losses, downtime costs or even reputational damage.

For example, LG Uplus, the Korean media giant, ended up with costs of over $100 million in damages, customer compensation and security upgrades, all as fallout from a single DDoS attack.

What type of DDoS attack will succeed?

Many DDoS protection providers publicize their success in thwarting large-scale and complex DDoS attacks. But the reality is that many successful DDoS attacks use short, intermittent, and sometimes even specific low-volume DDoS attack vectors.

Verizon’s 2023 “Data Breach Investigations Report” states that there is a resurgence of low-volume attacks that are still causing problems for corporations, but that doesn’t mean low-volume DDoS attacks are the new norm. At the end of 2022, Imperva reported an 81% increase in high-volume DDoS attacks, specifically Layer 7 DDoS attacks of at least 500,000 requests per second (RPS).

As the cost of bandwidth and CPU processing becomes more accessible, DDoS perpetrators are using their new capabilities to launch massive attacks, sometimes reaching a staggering 71 million RPS. But large-volume attacks are relatively easy to spot, even if sometimes not so easy to mitigate.

What organizations should be concerned about are low-volume DDoS attacks that slip through the cracks of DDoS protection.

Just because these are low-volume DDoS attacks, it doesn’t necessarily mean they aren’t dangerous. In fact, low-volume DDoS attacks tend to be more successful than high-volume attacks simply because they are harder to detect.

What are low volume DDoS attacks?

Low-volume DDoS attacks rely on a small stream of slow traffic targeting the victim’s online services, either application (Layer 7) or server resources (Layer 3 and 4). Furthermore, low-volume DDoS attacks require little bandwidth and can be a challenge to mitigate because they generate so little traffic that an organization may not realize it is under a DDoS attack even when its services are unavailable to legitimate traffic (i.e., end users).

Low-volume DDoS attacks tend to target HTTP and HTTPS, but can also include TCP sessions with slow transfer rates that attack any TCP-based service. The most common low-volume DDoS attacks are the Slowloris attack, the Tor’s Hammer attack and THC-SSL.
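The following is an added example, not part of the original article: a Python sketch of why a request-rate threshold misses the slow TCP/HTTP sessions described above, while a per-source count of long-lived, low-throughput, unfinished sessions catches them. The record fields, thresholds and addresses (documentation ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

@dataclass
class Conn:
    src: str           # client address
    duration_s: float  # how long the TCP session has been open
    bytes_in: int      # request bytes received so far
    complete: bool     # True once a full HTTP request has arrived

def requests_per_second(conns, window_s):
    """Volumetric view: completed requests per second in the window."""
    return sum(c.complete for c in conns) / window_s

def slow_session_sources(conns, min_duration_s=30.0, max_rate_bps=50.0,
                         min_sessions=20):
    """Sources holding many long-lived sessions that trickle data
    and never finish a request (thresholds are illustrative)."""
    held = defaultdict(int)
    for c in conns:
        # Finished, short-lived or zero-length sessions are not candidates.
        if c.complete or c.duration_s <= 0 or c.duration_s < min_duration_s:
            continue
        if c.bytes_in / c.duration_s <= max_rate_bps:
            held[c.src] += 1
    # One slow session is normal (bad mobile link); many from one source is not.
    return {src: n for src, n in held.items() if n >= min_sessions}

def build_sample():
    """Constructed 60-second window of connection records."""
    # 1,200 ordinary requests spread over 200 clients
    conns = [Conn(f"198.51.100.{i % 200 + 1}", 0.2, 600, True)
             for i in range(1200)]
    # 200 sessions from one host, each open 55 s with 400 bytes sent
    conns += [Conn("203.0.113.7", 55.0, 400, False) for _ in range(200)]
    # a single legitimately slow client
    conns.append(Conn("198.51.100.250", 45.0, 900, False))
    return conns

if __name__ == "__main__":
    sample = build_sample()
    print("RPS:", requests_per_second(sample, 60))       # far below any volumetric alarm
    print("slow-session sources:", slow_session_sources(sample))
```

In this sample the request rate stays at a level no volumetric alarm would notice, yet one source is occupying 200 server connections; tracking open-session age and throughput per source is what makes that visible.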

Because low-volume DDoS attacks do not require extensive resources to launch, they can be carried out from a single machine, so virtually anyone can launch such an attack. This is also why these attacks are very popular among DDoS-for-hire services.

The dramatic rise in vulnerable IoT devices makes it easy for DDoS attackers to assemble huge botnets that can be used for, but are not limited to, DDoS-for-hire attacks. Thus, we have encountered a situation where some of the most successful DDoS attacks of recent years, including the attack on Microsoft 365, were actually multi-vector attacks that used low-volume vectors along with others.

How to protect against low volume DDoS attacks?

The only way to protect against low-volume DDoS attacks and keep online services up and running is to continuously uncover blind spots and remediate the most relevant DDoS risks. Even with the best DDoS protection solution in place, any organization suffers up to 75% exposure to DDoS.

Organizations are extremely vulnerable to DDoS attacks, and an attacker who launches a multi-vector DDoS attack that includes a low-volume vector is likely to succeed.

In fact, as we’ve seen in many cases recently, including the infamous Microsoft attack, it only takes one successful, low-volume DDoS attack to shut down online services. Therefore, in order to achieve true DDoS resilience, an organization must have full visibility into its DDoS security posture, with continuous and non-disruptive DDoS checks against all known and unknown attack vectors.
