InfoSecBulletin Cybersecurity for mankind
DDoS attacks increased by 106% from the second half of 2023 to the first half of 2024. The average duration of a DDoS attack is now 45 minutes, marking an 18% increase from last year and costing unprotected organizations around $270,000 per attack, at an average rate of $6,000 per minute.
Short attacks can be as harmful as long ones, as they can test a target’s defenses. DDoS attacks are changing, and attackers now use multi-vector attacks, combining different methods into a short attack and repeating the process. Understanding these changes is important.
Delay patching leaves about 50,000 Fortinet firewalls to zero-day attack
Daily Security Update Dated: 21.01.2025
126 Linux kernel Vulns Allow Attackers Exploit 78 Linux Sub-Systems
CERT-UA alerts about “security audit” requests through AnyDesk
Oracle Critical Pre-Release update addressed 320 flaw
OWASP Reveils Top 10 Smart Contract Vulnerabilities for 2025
Multiple Azure DevOps Vulns Allow To Inject CRLF Queries & Rebind DNS
Intel holds 22 employees from one Bangladeshi University
VPN Surge 1500% in USA after TikTok Shut Down
MITRE Launches D3FEND 1.0; The Milestone for Cybersecurity Ontology
According to Zayo, In the first half of 2024, nearly 86% of DDoS attacks lasted less than 10 minutes, an increase from 72% in the second half of 2023.
For the first time in the history of this report, HR and staffing, legal and consulting, and transportation firms were targeted by the top 10% of the largest DDoS attacks observed.
“As we predicted last year, DDoS attacks in the age of AI have become more persistent and frequent across all industries, and our latest report confirms this heightened level as the new norm. What’s worse, if this trend continues, we expect attacks could increase another 24% by the end of the year,” said Max Clauson, SVP of Network Connectivity at Zayo. “The only way to fight back is to add protection to your tech stack. When your business is protected, attackers have no other option but to move on to find an easier target.”
Hackers target business hours for maximum disruption:
Telecommunications companies are the main target of 57% of all attacks. Other frequently targeted industries are education (19%), manufacturing (5%), and cloud/SaaS (5%).
Manufacturing is now the industry with the most DDoS attacks, followed by healthcare (up 128.5% from H1 2023). These companies saw a 308% increase in attack duration from 2023 to 2024 and a 200% increase in attack size.
Government entities are still enduring the longest attacks, lasting over six hours on average, which is a 41% increase from the first half of 2023.
Attackers continue to launch their attacks at the most disruptive times, typically during the business week and specifically during business hours. Even hackers from overseas synchronize their attacks with the busiest periods of the target’s business day.
For almost 30 years, DDoS attacks have been effective. The use of AI to carry out these attacks is making them more powerful, sneaky, and common. Every business needs to know that they are a target, regardless of their industry or size.
DDoS attacks can cause serious financial and reputational harm, leading to revenue losses and lasting damage to brand trust. The cost of dealing with these attacks and restoring services is high, using resources that could be used for growth and innovation. Businesses need to have a strong network protection strategy to stand a chance against these attacks.
