Zayo Group, a communications infrastructure provider, has released its annual Distributed Denial of Service (DDoS) Insights Report, which found a significant increase in the intensity of DDoS attacks – and their impacts on businesses – in the second half of 2023. According to Zayo data, the average DDoS attack lasted 68 minutes in 2023. With unprotected organisations shelling out an average of £4,700 per minute of each attack, that totals £325,000 average cost to businesses for DDoS attacks.

A key driver to this cost was the steep rise in the duration of DDoS attacks throughout the year. The average length of attacks surged by more than 400 per cent from Q1 to Q4 of last year — from an average of 24 minutes to 121 minutes — signalling a worrying trend from both security and cost perspectives.

The volume of DDoS attacks in the first half of 2023 – up 200 per cent from all of 2022 – seemed to have contracted in the second half of the year. Across all industries, comparing Q4 to Q1 2023, companies saw a 16 per cent increase in attack activity. The outlook isn’t exactly promising, however: volumetric attacks are being replaced by multi-vector attacks, spreading destruction more widely by targeting individual IP addresses, email systems, databases or web browsers – which are much harder to detect.

“What we’re seeing is that cybercrime is only getting savvier,” said Anna Claiborne, Senior VP of Network Connectivity at Zayo. “AI is presenting itself as a double-edged sword in this space. On one side of the blade, criminals are using AI to increase the sophistication of attacks and circumvent traditional defence mechanisms; on the other, mitigation platforms are using AI to dynamically identify and defend against new and emerging threats. As DDoS remains a profitable model for cybercriminals, attacks will continue to be a brutal inevitability for businesses. But luckily, DDoS protection is also rising to the occasion.”

Key Findings by Industry:

• Telecommunications companies experienced the most frequent attacks, comprising about 40 per cent of total attack volume with nearly 13,000 attacks in H2 2023.

• Retail and healthcare companies experienced the largest attacks in H2, with an average attack size of 2.5 Gbps across companies in these two industries.

• Government entities once again experienced the longest attacks with the average attack duration increasing from 4 hours in H1, to 18 hours in H2, increasing by 322 per cent. This is a 1,141 per cent increase from Q1 to Q4 of 2023.

• Educational institutions accounted for 17 per cent of all attacks last year, thanks in part to the ease and affordability of botnet-for-hire services combined with frequent gaps in the cybersecurity of the institutions.

“Most people on the internet aren’t plotting a DDoS attack, but the internet is a big place and Dark Web crime is the fastest growing business on earth,” said Eric O’Neill, National Security Strategist at Carbon Black. “We’re in an attacker’s market and they are leveraging sophisticated technologies and cutting-edge techniques to innovate the way they deceive, disrupt and destroy our most critical data. To stop the attackers from gaining the upper hand, we need DDoS protection that is as easy and effective as turning on a switch.”

Categories: Articles, Broadband, Markets, Research, Telco

Tags: ddos, telco, Zayo