Why Size Doesn't Matter in DDoS Attacks

Companies both large and small are targets. Never think "I'm not big enough for a hacker's attention."

Nicolai Bezsonoff, General Manager, Security Solutions, Neustar

September 21, 2017

5 Min Read
Dark Reading logo in a gray background | Dark Reading

Distributed denial-of-service (DDoS) attacks have increased, and research shows that on average, a DDoS attack can cost an organization more than $2.5 million in revenue. As a small or medium-sized business owner, you may be thinking "hackers only use DDoS on the big boys" or "I'm not big enough for them to care." But these disruptive attacks are getting worse, and they're moving downstream. Today, they affect everyone from the largest organizations to smaller companies that are being hit either directly, or as a by-product of one of their service providers being attacked.

In a sampling of customers, Neustar found in a recent study that 78% of organizations that generate $50 million to $99 million per year had experienced a DDoS attack at least once in the last 12 months, and of those organizations attacked, 86% were hit more than once. Small and midsize companies are tempting targets because often they are armed less with heavy tech investments, services, and staff.

Companies also often overestimate the "protection" offered by ISPs and cloud service providers, such as Amazon Web Services. These organizations can only provide so much protection. Their priorities are protecting their backbone and availability services for all customers, not protecting any specific entity. When DDoS attacks become too large and create collateral impact, all traffic to that targeted host starts getting blocked or "blackholed." This effectively takes those businesses offline. To add insult to injury, often if you rely on an ISP or cloud service provider, it will not only bring down your site but also charge you for the traffic overages that happened during a DDoS attack. 

Additionally, attackers perform reconnaissance on targeted infrastructures, and it is easy to identify Domain Name Servers (DNS) service providers for online sites. Because of financial and technical acumen factors, many growing businesses opt to provide their own DNS service. This is not difficult and requires little maintenance. The downside is that DNS is an inherently vulnerable service because it needs to be exposed in order to work.

When attackers scout targets, they understand that large DNS providers are highly redundant and highly resilient. In comparison, organizations managing their own service are far more likely to be susceptible to failure and collapse with the right cyber attack. This makes self-managed DNS organizations more-tempting targets, not only because their DNS is easier to attack but also because self-managed DNS often lacks the resiliency and redundancy that make it more difficult to take down and is also likely an indicator of additional (and vulnerable) self-managed security within an organization.

SMBs Are Hot Targets for DDoS Attacks
Neustar research data on almost 200 midsize businesses (organizations that generate $50 million to $90 million per year) found the following in trends in SMB DDoS attacks over the last year:

  • 78% of SMBs were attacked at least once in the last 12 months, with 86% of those attacked hit more than once, and 34% of those attacked hit more than five times, indicating they had become tempting targets.

  • 38% saw malware activated during DDoS attacks, demonstrating a vulnerability to phishing and coordinated assaults on SMBs by savvy attackers.

  • 32% lost customer data records in concert with DDoS attacks, indicating a specific, targeted attack on a more vulnerable target. In many cases, a loss of data required a subsequent disclosure in line with industry regulations (PCI, HIPAA, and other compliance).

  • 20% of those attacked also experienced ransomware along with the DDoS attack, resulting in either further ransom payments that had to be made, or additional downtime or other actions required to re-establish services and access to data.

  • 52% needed more than three hours to detect and determine a DDoS was underway. Once detected, 43% needed more than three hours to respond to a DDoS attack once identified, likely because of limited investment and resources, and overestimation of protection offered by ISPs and cloud providers.

Because DDoS attacks have grown in severity and scale, small and midsize businesses should be vigilant to the fact that they are increasingly attractive targets. Although cloud and hosting providers can offer some level of protection, these businesses should remember that a hosting provider's priority will always be to keep its backbone and basic services up, and individual site vulnerability will always come second. These organizations must educate themselves about the variety of DDoS protections available in the marketplace and determine which options can cost-effectively meet their needs.

Here are the top five questions that organizations should ask their DDoS protection providers:

  • What layers of protection do you offer? Because no single protection is failsafe, the answer to this question will help an organization understand the methods and technologies being used to protect its site.

  • How variable is the cost of prevention? If I'm hit with a really big attack, will the mitigation costs spike to the point that I can't afford them?

  • What is your average response time? Even the largest cloud providers often have a surprisingly slow response times. Smaller organizations in particular should ensure that they won't be put at the bottom of a priority list in the event of attack, making their likely response times even longer.

  • What is the size of your network that's protecting me? This will indicate how large an attack a provider can withstand.

  • Where are your DDoS mitigation facilities located globally? This helps organizations understand if DDoS mitigation capabilities comply with the various regulations that vary by country.

As large enterprises become more sophisticated in their DDoS defenses, small and midsize organizations will continue to become an increasingly attractive target for attackers. Start asking these questions and putting in place protections now, before your brand, reputation, and bottom line take a hit from these attacks. 

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

About the Author

Nicolai Bezsonoff

General Manager, Security Solutions, Neustar

Nicolai Bezsonoff is the General Manager of Security Solutions at Neustar. He spearheads the company's industry-leading DDoS, DNS, and IP intelligence solutions, including its cybersecurity operations.

Previously, he was the co-founder and COO of .CO Internet, a successful Internet company based in Miami and Colombia, acquired in 2014 by Neustar. Under his tenure, .CO had incredible growth and became one of the most successful domain extensions in history, with more than 2.2 million domain names registered by people in 200 countries.

Originally from Colombia, Bezsonoff was previously a Director at Citigroup's Investment Bank in New York, overseeing a large global team.

Mr. Bezsonoff holds a degree in industrial engineering with honors from the University of Miami, as well as an MBA from Columbia University and London Business School. He is active in the startup community globally and is a mentor at Ashoka, Endeavor, and several other organizations.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights