Most UK firms ill-equipped for DDoS attacks, survey finds

Most UK firms are ill-equipped to deal with costly DDoS attacks, a survey from analysis firm Neustar has revealed

Most UK firms are ill-equipped to deal with costly distributed denial of service (DDoS) attacks, a survey has revealed.

This is despite a 36% increase in the number of UK companies hit by DDoS attacks, to one in three in 2013, according to the second annual UK DDoS report by communications and analysis firm Neustar.

A survey of more than 330 UK firms in eight industry sectors also found that, once attacked, there is a 69% chance of a repeat attack.

While 31% of companies polled were DDoS-attacked just once, over 48% were targeted at least twice, while some were targeted up to ten times, but 10% said they had “lost count”.

“Typically a DDoS attack is the start of something, it is rarely a once-off event,” said Susan Warner, DDoS market manager at Neustar.

“Once targeted, attacks are likely to continue, change method and escalate in size, intensity and intent.” 

A first DDoS attack is usually just to test what organisations can handle and what mitigation systems they have in place, to assess the size of the challenge to get around that, said Warner.

UK firms' protection lags

Neustar has no evidence that this attack process has been automated. Its security operations team works on the assumption that the volume and type of attacks are adjusted manually.

However, they said the control could be scripted in advance or use conditional logic to react to website availability.

The survey found the cost of DDoS attacks is significant, with 32% of companies estimating losses of more than £240,000 per day during a DDoS outage.

While there is evidence that UK firms have increased their awareness of DDoS attacks and the potential costs involved, the level of protection is still lagging, said Warner.

“We saw some increase in the use of purpose-built DDoS mitigation systems, but most are still relying on traditional firewalls, routers and intrusion prevention systems (IPS),” she said.

But according to Warner, in large DDoS attacks, these systems tend to become part of the problem, rather than helping to mitigate the impact.

“Many firms do not think they are at risk and do not really understand what happens during a DDoS attack, and how they affect firewalls, routers and IPS,” she said.

Attacks grow in frequency and length

Warner said organisations unsure of their vulnerability should have an IT consultancy perform a risk assessment, stress test and evaluation of the protections they have in place.

The survey found larger DDoS attacks are also becoming more frequent, with a 200% increase in attacks of 1-20Gbps, and a significant increase in attacks with a magnitude of 100Gbps or more.

In 2013 there was an increase in longer attacks, with 28% lasting up to two days as DDoS attacks become more prevalent in the UK, closing the gap with the US.

The number of attacks requiring more than 6 people to mitigate rose to 39% compared with 25% in 2012, while DDoS mitigation requiring more than 10 people doubled to nearly 24% percent in 2013.

The report warns that DDoS attacks are a growing threat to organisations with calamitous consequences for companies without the appropriate protection.

DDoS attacks not only inflict a grave toll on revenues, but can also damage brand value, public reputation and customer trust, the report said.

The study found DDoS attacks disrupt multiple business units with public-facing areas such as callcentres, customer service and marketing absorbing over 40% of costs related to DDoS attacks.

DDoS attacks used for distraction

Neustar’s annual survey also highlights an increase in DDoS “smokescreening” attacks. These attacks are used by cyber criminals to mask malware used to steal data or money.

While IT and security teams are fully distracted by a DDoS attack, criminals grab and clone private data to siphon off funds, intellectual property and more.

“This proves that DDoS attacks are more than just an annoyance, but really are a security issue,” said Warner.

The report found that, of those firms that reported DDoS attacks, 42% said they had also been the victim of some form of data theft and 53% said malware was installed or activated during the attack.

"Organisations must remain constantly vigilant and abreast of the latest threats,” said Rodney Joffe, senior vice-president and technology fellow at Neustar. 

“As an example, Neustar’s UltraDNS network suffered an attack just last week peaking at over 250Gbps – a massive attack by industry standards.

“Even with proper mitigations in place, the attack caused an upstream ripple. It is a constantly changing threat landscape."

According to Neustar, DDoS attacks are evolving in complex and dangerous ways and companies assessing their risk and protection should consider what they stand to lose if they are hit.

Companies should also ensure that rigorous risk, threat and cost analysis is robust enough to protect against financial and sensitive data losses.

Read more on Network security management