InfoSecBulletin Cybersecurity for mankind
DDoS attacks increased by 106% from the second half of 2023 to the first half of 2024. The average duration of a DDoS attack is now 45 minutes, marking an 18% increase from last year and costing unprotected organizations around $270,000 per attack, at an average rate of $6,000 per minute.
Short attacks can be as harmful as long ones, as they can test a target’s defenses. DDoS attacks are changing, and attackers now use multi-vector attacks, combining different methods into a short attack and repeating the process. Understanding these changes is important.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
According to Zayo, In the first half of 2024, nearly 86% of DDoS attacks lasted less than 10 minutes, an increase from 72% in the second half of 2023.
For the first time in the history of this report, HR and staffing, legal and consulting, and transportation firms were targeted by the top 10% of the largest DDoS attacks observed.
“As we predicted last year, DDoS attacks in the age of AI have become more persistent and frequent across all industries, and our latest report confirms this heightened level as the new norm. What’s worse, if this trend continues, we expect attacks could increase another 24% by the end of the year,” said Max Clauson, SVP of Network Connectivity at Zayo. “The only way to fight back is to add protection to your tech stack. When your business is protected, attackers have no other option but to move on to find an easier target.”
Hackers target business hours for maximum disruption:
Telecommunications companies are the main target of 57% of all attacks. Other frequently targeted industries are education (19%), manufacturing (5%), and cloud/SaaS (5%).
Manufacturing is now the industry with the most DDoS attacks, followed by healthcare (up 128.5% from H1 2023). These companies saw a 308% increase in attack duration from 2023 to 2024 and a 200% increase in attack size.
Government entities are still enduring the longest attacks, lasting over six hours on average, which is a 41% increase from the first half of 2023.
Attackers continue to launch their attacks at the most disruptive times, typically during the business week and specifically during business hours. Even hackers from overseas synchronize their attacks with the busiest periods of the target’s business day.
For almost 30 years, DDoS attacks have been effective. The use of AI to carry out these attacks is making them more powerful, sneaky, and common. Every business needs to know that they are a target, regardless of their industry or size.
DDoS attacks can cause serious financial and reputational harm, leading to revenue losses and lasting damage to brand trust. The cost of dealing with these attacks and restoring services is high, using resources that could be used for growth and innovation. Businesses need to have a strong network protection strategy to stand a chance against these attacks.
