InfoSecBulletin Cybersecurity for mankind
DDoS attacks increased by 106% from the second half of 2023 to the first half of 2024. The average duration of a DDoS attack is now 45 minutes, marking an 18% increase from last year and costing unprotected organizations around $270,000 per attack, at an average rate of $6,000 per minute.
Short attacks can be as harmful as long ones, as they can test a target’s defenses. DDoS attacks are changing, and attackers now use multi-vector attacks, combining different methods into a short attack and repeating the process. Understanding these changes is important.
CVE-2024-51503
Trend Micro released updates for Deep Security Agent RCE
Apple Releases Patch for two Actively Exploited Zero-Day
Maxar Space Data Leak, Company admit, Investigation ongoing!
GitHub CLI Vulnerability Could Allow RCE
“Sarcoma” ransomware group
Hacker to disclose “Popular Life Insurance” 36 GB of stolen data
BugHunt 2024: A Milestone Cyber security Competition held at Dhaka
TP-Link DHCP Vulnerability Allow Attackers Takeover Routers Remotely
WSJ reports
T-Mobile hacked in massive breach of telecom networks
Palo Alto Networks Confirms critical RCE zero-day actively exploited
CISA, FBI Warns
Hacker compromised multiple teleco network at US
According to Zayo, In the first half of 2024, nearly 86% of DDoS attacks lasted less than 10 minutes, an increase from 72% in the second half of 2023.
For the first time in the history of this report, HR and staffing, legal and consulting, and transportation firms were targeted by the top 10% of the largest DDoS attacks observed.
“As we predicted last year, DDoS attacks in the age of AI have become more persistent and frequent across all industries, and our latest report confirms this heightened level as the new norm. What’s worse, if this trend continues, we expect attacks could increase another 24% by the end of the year,” said Max Clauson, SVP of Network Connectivity at Zayo. “The only way to fight back is to add protection to your tech stack. When your business is protected, attackers have no other option but to move on to find an easier target.”
Hackers target business hours for maximum disruption:
Telecommunications companies are the main target of 57% of all attacks. Other frequently targeted industries are education (19%), manufacturing (5%), and cloud/SaaS (5%).
Manufacturing is now the industry with the most DDoS attacks, followed by healthcare (up 128.5% from H1 2023). These companies saw a 308% increase in attack duration from 2023 to 2024 and a 200% increase in attack size.
Government entities are still enduring the longest attacks, lasting over six hours on average, which is a 41% increase from the first half of 2023.
Attackers continue to launch their attacks at the most disruptive times, typically during the business week and specifically during business hours. Even hackers from overseas synchronize their attacks with the busiest periods of the target’s business day.
For almost 30 years, DDoS attacks have been effective. The use of AI to carry out these attacks is making them more powerful, sneaky, and common. Every business needs to know that they are a target, regardless of their industry or size.
DDoS attacks can cause serious financial and reputational harm, leading to revenue losses and lasting damage to brand trust. The cost of dealing with these attacks and restoring services is high, using resources that could be used for growth and innovation. Businesses need to have a strong network protection strategy to stand a chance against these attacks.
