The State of Cybersecurity: The DDoS Threat

Feb. 2, 2023
Almost anyone (even novice hackers) can hire a malicious actor or download the tools and aim it against a network or an individual organization.

Last week we launched our article series on DDoS protection in a connected world. This week we'll outline the state of cybersecurity and DDoS.

As we look at the digital landscape, we quickly see that data is growing in proportion to how much it’s worth to the bad guys. According to Cisco, the current market around cybercrime ranges between $450 billion to $1 trillion per year, and further estimates expect this number to increase. How do the bad guys keep making this kind of money? Simple. Hackers, cybercriminals, hacktivists, and nation- states have learned to monetize their opportunities. While researching the Dark Web, researchers were able to find out how much your data is worth.

And they learned what it costs to do things like DDoS-as-a-Service:

  • Social Security Number: $1
  • DDoS as a Service: A DDoS attack service typically ranges between $7-$25 an hour. However, depending on the target and size, prices are highly variable. A DDoS attack can cost from $5 for a 300-second attack to $400 for 24 hours or more.
  • Medical Records: >$50
  • Credit Card Data: $0.25 - $60
  • Bank Account Info: >$1,000 (Depending on the type of account and balance)
  • Mobile Malware: $150
  • Malware Development: $2,500 (commercial malware)
  • Spam: $50 for about 500k emails (depending on the number of emails and destination)
  • Custom Exploits: $100k – $300k
  • Facebook Account: $1 for an account with at least 15 friends

Almost anyone (even novice hackers) can hire a malicious actor or download the tools and aim it against a network or an individual organization.

However, beyond script kiddies who can deploy simple DDoS attacks, the current security state is far more complex. New attacks aim to go beyond traditional means of disrupting a network via DDoS. For example, a recent Google Cloud customer was targeted with a series of HTTPS DDoS attacks, which peaked at 46 million requests per second.

To shed some perspective, this was the largest Layer 7 DDoS attack to date. And it was at least 76% more significant than any previously reported Layer 7 DDoS attack.

Here’s why these types of attacks are so challenging to overcome. Not only was there a very high volume of traffic, but there were also more than 5000 source IPs from over 130 countries. The attack leveraged encrypted requests (HTTPS), which would have taken added computing resources to generate.

To overcome this attack, Google had to go to the edges of its network. To support their customer, they needed to detect the DDoS attack early in its life cycle, analyze its incoming traffic, and generate an alert with a recommended protective rule–all before the attack ramped up.

New Security Threats are Real. Hope is Not a Good Strategy

In a world where slow is the new down, we must move away from hope to implementing actual strategies around protection.

From a data center provider’s perspective, these attacks are dangerous. The challenge becomes the multiple threat vectors that emerge from a DDoS attack. Outside of the infrastructure damage, the damage to business and the client base may be even worse. Data center colocation providers must ensure the safety of their telecommunications and network operations.

Maintaining constant connectivity is paramount to a business’s success as a critical infrastructure industry. However, with new DDoS threats, ensuring uptime becomes more challenging.

It’s important to note that specialized DDoS protection systems provide enhanced protection.

Although we’ll cover this later in our article series, it’s important to note that specialized DDoS protection systems provide enhanced protection. This is specifically true when enabling techniques to mitigate these attacks, such as actionable (large-scale) threat lists pulling from multiple threat databases, traffic anomaly inspection, finding traffic baseline violations, using artificial intelligence (AI) and machine learning (ML), and more.

Download the entire special report, The Security Gap: DDoS Protection in a Connected World, featuring A10, to learn more. In our next article, we'll focus on you, the data center operator, and how DDoS impacts the daily lives of data center professionals.

About the Author

Bill Kleyman

Bill Kleyman is a veteran, enthusiastic technologist with experience in data center design, management and deployment. Bill is currently a freelance analyst, speaker, and author for some of our industry's leading publications.

Sponsored Recommendations

Guide to Environmental Sustainability Metrics for Data Centers

Unlock the power of Environmental, Social, and Governance (ESG) reporting in the data center industry with our comprehensive guide, proposing 28 key metrics across five categories...

The AI Disruption: Challenges and Guidance for Data Center Design

From large training clusters to small edge inference servers, AI is becoming a larger percentage of data center workloads. Learn more.

A better approach to boost data center capacity – Supply capacity agreements

Explore a transformative approach to data center capacity planning with insights on supply capacity agreements, addressing the impact of COVID-19, the AI race, and the evolving...

How Modernizing Aging Data Center Infrastructure Improves Sustainability

Explore the path to improved sustainability in data centers by modernizing aging infrastructure, uncovering challenges, three effective approaches, and specific examples outlined...

SeventyFour / Shutterstock.com

Improve Data Center Efficiency with Advanced Monitoring and Calculated Points

Max Hamner, Research and Development Engineer at Modius, explains how using calculated points adds up to a superior experience for the DCIM user.

White Papers

Dcf Imdcwp Cover 2023 01 11 17 19 43

Infrastructure Planning Report - EMEA - Frankfurt

Jan. 11, 2023
In this white paper, Iron Mountain Data Centers provides an overview of the German colocation market. It explores strengths and weaknesses of the market as well as the latest ...