InfoSecBulletin Cybersecurity for mankind
DDoS attacks increased by 106% from the second half of 2023 to the first half of 2024. The average duration of a DDoS attack is now 45 minutes, marking an 18% increase from last year and costing unprotected organizations around $270,000 per attack, at an average rate of $6,000 per minute.
Short attacks can be as harmful as long ones, as they can test a target’s defenses. DDoS attacks are changing, and attackers now use multi-vector attacks, combining different methods into a short attack and repeating the process. Understanding these changes is important.
Joint cybersecurity advisory
Botnet infects 260,000 SOHO routers, IP cameras with malware
Chrome 129 Released Fix with multiple Security Flaws
Broadcom fixed RCE bug in VMware vCenter Server
Cybercriminal now misuse Microsoft Azure tool to steal data
Apple warns users to install iOS 18 to Fix 33 iPhone Vulnerabilities
CISA adds windows and whatsUp Gold vuls to its KEV
Petroleum and Fuel Industry
FleetPanda exposes Nearly One Million Documents
DESCO faces cyber attack: Customers Data Breach
Alert! Google Fixes GCP Composer Flaw
CTF in Bangladesh: Unveiling Challenges, Opportunities and remedies
According to Zayo, In the first half of 2024, nearly 86% of DDoS attacks lasted less than 10 minutes, an increase from 72% in the second half of 2023.
For the first time in the history of this report, HR and staffing, legal and consulting, and transportation firms were targeted by the top 10% of the largest DDoS attacks observed.
“As we predicted last year, DDoS attacks in the age of AI have become more persistent and frequent across all industries, and our latest report confirms this heightened level as the new norm. What’s worse, if this trend continues, we expect attacks could increase another 24% by the end of the year,” said Max Clauson, SVP of Network Connectivity at Zayo. “The only way to fight back is to add protection to your tech stack. When your business is protected, attackers have no other option but to move on to find an easier target.”
Hackers target business hours for maximum disruption:
Telecommunications companies are the main target of 57% of all attacks. Other frequently targeted industries are education (19%), manufacturing (5%), and cloud/SaaS (5%).
Manufacturing is now the industry with the most DDoS attacks, followed by healthcare (up 128.5% from H1 2023). These companies saw a 308% increase in attack duration from 2023 to 2024 and a 200% increase in attack size.
Government entities are still enduring the longest attacks, lasting over six hours on average, which is a 41% increase from the first half of 2023.
Attackers continue to launch their attacks at the most disruptive times, typically during the business week and specifically during business hours. Even hackers from overseas synchronize their attacks with the busiest periods of the target’s business day.
For almost 30 years, DDoS attacks have been effective. The use of AI to carry out these attacks is making them more powerful, sneaky, and common. Every business needs to know that they are a target, regardless of their industry or size.
DDoS attacks can cause serious financial and reputational harm, leading to revenue losses and lasting damage to brand trust. The cost of dealing with these attacks and restoring services is high, using resources that could be used for growth and innovation. Businesses need to have a strong network protection strategy to stand a chance against these attacks.
