Size Doesn’t Matter, Smaller DDOS Attacks May Be Deadlier

Contrary to popular beliefs, bigger isn’t always necessary better. This is especially true when it comes to distributed denial of service (DDOS) attacks where instead of size, much more significant is the type of attack.

This is just one of the conclusions published by Radware’s Emergency Response Team (ERT) after performing a series of tests and polls.

They found that 76% of the DDOS attacks that successfully targeted companies had a bandwidth of less than 1 Gbps. Even so, the damage these hits can cause is far greater than many suspect.

Situations in which companies are brought down by massive DDOS attacks are rare, the numbers revealing that only 9% of the attacks recorded in 2011 were over 10 Gbps, the remaining 32% falling in the under 10 Mbps category.

However, practice shows that less intensive, but equally serious attacks have a high potential to bring down an organization if an HTTP flood on the application level is involved, instead of a larger UDP flood on the network.

Among the myths Radware busted in their latest report is the one that says firewalls and intrusion prevention systems (IPS) are able to stop DDOs attacks. In reality, firewalls are often the weakest links and the best way to mitigate such attacks is by using dedicated hardware solutions.

While some believe that Content Delivery Network (CDN) providers are able to completely prevent attacks, experts argue that this is not always the case. They are able only to handle less sophisticated, large-volume attacks by absorbing them, but more sophisticated attacks can easily bypass CDN systems if the page requests are changed in every web transaction.

When speaking of DOS attacks, businesses should devise a proactive mitigation strategy, but this strategy shouldn’t be based on defensive, instead it should rely on offensive mechanisms. Companies can make sure that the attacker never has the edge by identifying the attack tools utilized as the vehicle to carry the attack campaign, with the purpose of exposing and exploiting its weaknesses.

The report also shows that 56% of cyberattacks were targeted at applications, instead of networks. Financial services, government and gamins sites were mostly hit, the reasons ranging from hacktivism to competitors and revenge.