Zayo Group, a prominent global communications infrastructure provider, has unveiled its semi-annual report on Distributed Denial of Service (DDoS) Insights. The report highlights a notable surge in the intensity of DDoS attacks and their adverse effects on businesses during the latter half of 2023. According to Zayo’s latest data, the average duration of a DDoS attack in 2023 was 68 minutes. Unprotected organizations faced an average cost of $6,000 per minute per attack, resulting in a staggering total average cost of $408,000 for DDoS attacks.
The substantial increase in the duration of DDoS attacks throughout the year, rising by over 400% from Q1 to Q4, played a pivotal role in driving up the associated costs. The average attack duration escalated from 24 minutes to 121 minutes, showcasing a concerning trend both from a security perspective and a financial standpoint.
While the volume of DDoS attacks witnessed a 200% increase in the first half of 2023 compared to 2022, it appeared to contract in the latter half. However, across all industries, there was a 16% rise in malicious activity when comparing Q4 to Q1 2023. Additionally, the nature of attacks is evolving, with volumetric attacks giving way to multi-vector attacks. These attacks target individual IP addresses, email systems, databases, or web browsers, making them more challenging to detect.
Anna Claiborne, Senior Vice President of Network Connectivity at Zayo, notes the increasing sophistication of cybercrime. She emphasizes the dual role of artificial intelligence (AI) in this context, as criminals leverage AI to enhance attack sophistication, while mitigation platforms use AI to identify and defend against emerging threats. Claiborne acknowledges that DDoS attacks remain a profitable model for cybercriminals, posing an ongoing and severe threat to businesses. Nevertheless, she expresses optimism about the effectiveness of anti-DDoS protection.
Key sector-specific findings from the report include:
- Telecommunications companies experiencing the highest frequency of attacks, constituting approximately 40% of the total attack volume, totaling almost 13,000 attacks in the second half of 2023.
- Retail and healthcare companies encountering the largest attacks, with an average size of 2.5 Gbps in these sectors.
- Government agencies enduring the longest attacks, with the average duration soaring from 4 hours in the first half of 2023 to 18 hours in the second half, representing a 322% increase.
- Educational institutions contributing to 17% of all attacks, attributed to the accessibility and affordability of botnet services and cybersecurity gaps.
Despite these sector-specific nuances, the report emphasizes that DDoS attacks are a pervasive threat affecting organizations irrespective of size, industry, or business model. These attacks result in substantial financial losses, reputational damage, and customer loss. The report underscores the urgency for businesses to adopt advanced and forward-thinking DDoS protection due to the persistently evolving nature of these attacks. Eric O’Neill, National Security Strategist at Carbon Black, highlights the prevalence of cybercrime on the Dark Web and emphasizes the need for user-friendly and effective DDoS protection to counteract the innovative tactics employed by bad actors. O’Neill stresses that, given the current landscape, it’s not a matter of if, but when the next DDoS attack will occur, making robust protection essential for businesses.
