Denial of Service

Please provide the information below to view the online Verizon Data Breach Investigations Report.

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Summary

Denial of Service attacks can target different points of infrastructure and will manifest themselves in several forms that organizations need to be prepared to handle.


What is the same?

Denial of Service attacks continue to be ubiquitous and the top pattern for incidents.
 

Frequency

 

16,843 incidents, 3 with confirmed data disclosure

Threat actors

 

External (100%) (all incidents)

Data Breach Investigation Report figure 49

Another year, another victory lap to our running champion, Denial of Service. Figure 49 shows this pattern being responsible for more than 50% of incidents analyzed this year.86 This pattern has been the most prevalent one for several years now, and you don’t have to think very hard to understand why: Denial of Service attacks are relatively cheap to execute, and it is actually fairly easy for them to be successful,87 at least until an organization’s defenses are activated to mitigate them.

Our ongoing analysis of content delivery network (CDN)-monitored, web application-focused Denial of Service attacks shows that even though the median attack size has reduced slightly from 2.2 gigabits per second (Gbps) to 1.6 Gbps, the 97.5th percentile of those attacks88 increased to 170 Gbps from the previous high of 124 Gbps. Figure 50 showcases the data and the other percentile break points like the more realistic and grounded 90th percentiles. Those types of attacks are usually short duration, with large volumes—50% of those attacks are less than five minutes long.

However, this year, we would like to try something different: Those precision-targeted attacks are very high volume. It is interesting to see the contrast to the impact of general distributed DoS (DDoS) filtering on the ISP level, where it is necessary to mitigate against a much wider variety of attacks and is prone to collateral damage from the high-volume ones.

Data Breach Investigation Report figure 50

Figures 51 and 52 represent the distribution of both bits per second and packets per second distribution of ISP-level collateral attacks all over the world.89 This dataset includes attacks on ISPs themselves; enterprises that paid for DDoS protection from their ISPs; and even individual users with broadband, mobile, wireless or satellite.90 It’s clear that these are much smaller in size because the volume for this diverse group would not need to be as big as for enterprises. Those are also longer duration attacks, with the median attack time being around nine minutes.91 All in all, this class of Denial of Service attacks might be more representative of the challenges a non-e-commerce or heavily extranet service-oriented organization might face.

Additionally, our subject matter experts (SMEs) continue to report the growth of low-volume, persistent attacks on high-interaction services such as Domain Name System (DNS). When you want to take someone off the internet, there is more than one way to peel a potato.92

At the end of the day, our recommendation remains the same as in the previous years. There is relatively minimal setup necessary for a DoS attack to take place, so organizations should consider having some sort of automated or semi-automated protection system to help mitigate those. There is not a lot more to be done than to be prepared for the eventuality of some threat actor wanting to sever you from the internet for a while. To think otherwise is to live in denial.

Data Breach Investigation Report figure 51
Data Breach Investigation Report figure 52

86 No electric toothbrushes were harmed during this observed growth of the Denial of Service pattern.

87 To some degree of negligible success

88 Or as we like to call it, “the statistical worst-case scenario that is not that weird outlier messing up your data analysis.”

89 Look at the size of that number of samples (n)!

90 Psst! Don’t tell the Verizon Consumer Group we are encroaching on their turf.

91 More than enough to mess up your online poker match

92 The DBIR is pet-friendly and condemns the “skinning of cats” as a figure of speech.

Let’s
connect

Call Sales
877-297-7816

Have us contact you
Request a call

Call for Public Sector
844-825-8389