DDoS protection and mitigation is a set of procedures and techniques executed across an enterprise to mitigate DDoS (Distributed Denial of Service) attacks caused by attackers to overtake their traffic by flooding the victims’ resources with false requests. These attacks make the victim unable to serve legitimate requests.
A successful distributed denial of service attack is critical for organisations to keep their internals safe from cyber vandals, extortionists, hacktivists, and competitors. The DDoS protection and mitigation market has shown consistent growth with an increase in the number of multi-vector DDoS attacks, harming organisations that attract handsome traffic. As per Straits Research, the global DDoS protection and mitigation market is estimated to have generated a total revenue of USD 2.5 billion in 2020 and is expected to reach USD 4.8 billion by 2027, growing at a CAGR of 11%.
The attackers have discovered effective ways to hold the organisations in their hands. The first DoS-style attack was reported to have occurred during the week of February 7, 2000. An exponential rise in the IoT and weak security systems in organisations have increased the risks of such attacks, making them available to be deployed as botnets to launch high-intensity attacks. There are over 10 billion active IoT devices, reported by Straits Research in 2021. Recent estimates by Straits Research indicate that the number of IoT devices will register a 16.5% CAGR between 2021–2027 and surpass 25.4 billion by 2030, which ultimately will give a broader space to DDoS attacks.
Hackers try to launch the following types of DDoS attacks:
Volumetric DDoS attacks are designed to take over the internal network capacity with a powerful capability to invade critical Service Provider (SP) services or enterprise customers with malicious attacks that are immune to centralised DDoS mitigation facilities. These DDoS attacks try to consume the bandwidth within the target network or service or between the target network or service and the Internet. The launch spoofed queries that saturate the destination with large reply packets, causing the target network infrastructure to collapse.
Weak internet communication protocols lead to protocol attacks. Inherent complexity plays a vital role in igniting protocol attacks, as when existing flaws are corrected; new weaknesses are introduced, enabling new kinds of protocol and network attacks.
Application layer DDoS attacks are structurally designed to attack the application itself, resulting in the introduction of an application that is incapable of delivering the content to the user. The most common application layer attack is on web servers. However, it is not restricted to it; it goes far to SIP voice services and BGP.
Although these attacks had drastically declined in 2018, they increased exponentially in the first quarter of 2019, i.e., an estimated increase of 84% over the previous year. Some major DDoS attacks that have occurred in recent years are listed below:
Amazon faced a malicious attack in February 2020. This attack was launched using hijacked CLDAP web servers, which amplified the amount of data sent to the victim’s IP address by 56–70 times. A gigantic DDoS attack hit the 800-pound gorilla of cloud computing.
The Google attack, which occurred in 2017, was caused by various networks used to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP servers that became a cause for sending several huge responses. This attack was estimated to be larger than the record-breaking 623 Gbps attack that was known to have occurred on the Mirai botnet a year ago.
Spamhaus was the best spam filtering organisation globally, which tackled 80% of the spam emails in 2013. Scammers attacked the Spamhaus system through a British teenage hacker. This attack was estimated at 300 Gbps. When Spamhaus countered the threat by using a DDoS mitigation service, the attacker came up with a new technique, trying to bring it down as well. Other companies also got affected as this responsive attack caused network disruptions throughout Britain.
The BBC attack in 2015 took down the BBC’s sites, including its iPlayer on-demand service, for about three hours. The tool used to launch this attack utilised the cloud computing resources of two Amazon AWS servers.
DDoS attacks cause customers to lose trust in the organization. When a DDoS attack occurs, no user can communicate with the company as the applications are inaccessible. It causes massive service unavailability. Thus, the company fails to meet the Service Level Agreement (SLA) with the customers.
Kaspersky conducted research in 2019 which showed that the average price a DDoS attack can cost small and medium businesses is around USD 120K. For larger companies, the cost could reach $2 million.
DDoS extortion attacks are also known as Ransom DDoS (RDDoS) attacks. Malicious attackers extort money in these kinds of attacks. The money is extracted from the organisations by threatening Distributed Denial of Service (DDoS). The legitimate traffic is restricted, similar to accessing the applications or services in these attacks.
Organizations largely experience DDoS damage. According to Straits Research, 20% of businesses with 50 or more employees have suffered at least one DDoS attack, with enterprises being most affected (24%).
Some attacks cause the services to sleep for about 2–7 days and sometimes for months. Attacks that involve a network intrusion are estimated to be 32% of all attacks.
Vendors face different kinds of challenges when it comes to mitigating and preventing DDoS attacks. The biggest barriers to DDoS prevention and mitigation are as under:
Attackers use different techniques for different kinds of applications. When a system is immune to malicious attacks, it is not immune to other possible attacks in the world of DDoS. These various attacks include HTTP flood, ping of death, slowloris, UDP flood, smurf attack, fraggle attack, and more.
More bandwidth and redundancy in the infrastructure are required to prevent these attacks. Network hardware configuration against DDoS attacks is primary when it comes to prevention. Similarly, best-fit DNS servers for the system are also essential; but it is arduous to corporate these into one system.
The clean pipe is one of the most common DDoS mitigation implementation methods of all time. The incoming traffic passes through a cleaning center, known as a "scrubbing center," where malicious traffic is identified and separated. In this way, only legitimate traffic is allowed to get to the server.
Volumetric DDoS attacks can be prevented by DDoS protection technologies such as remotely-triggered blackholing (RTBH) and source-based remotely-triggered blackholing (S/RTBH). These methods have proved to be effective when implemented wisely.
Protocol attacks can be prevented by combining firewalls, VPNs, anti-spam, content filtering, and other security layers to monitor activities and traffic.
Many companies mitigate DDoS attacks by providing technical security measures. By the type of clients, DDoS mitigation service providers will reach a market size of USD 3.5 billion, at a CAGR of 15%.
Some of the leading companies providing DDoS protection and mitigation services include A10 Networks U.S., Akamai U.S., Allot, Corero, Cloudflare, Fastly, CDNetworks (Wangsu), F5Networks, Link11, Lumen, Neustar, NSFOCUS, Netography, Radware, AWS, Imperva, NETSCOUT, Nexusguard, and Google.
The increased network and application targeting of DDoS attacks and the rising growth of the Internet of Things (IoT) increase the demand for the DDoS protection and mitigation market. Thus, organisations are rapidly growing their partnerships and methodologies to mitigate and prevent DDoS attacks worldwide.
Western countries appear to be more informed of DDoS attacks and their prevention. Most organisations built on DDoS prevention and mitigation are based in the west, specifically in the United States, except that China in the Asia region is a hub for many of these companies, including Alibaba Cloud, Genie Networks Ltd, Huawei, NSFOCUS Technologies Group Co., Ltd., Cloudflare Inc., Akamai Technologies, Inc., Radware Inc., Imperva, F5 Networks Inc., and NETSCOUT Systems.
Brazil has reported a significant increase in the number of DDoS attacks. NSFOCUS has focused its efforts on building and creating planned collaborations with leading IT and security companies to deliver solutions and products for customers in the Latam region. Countries, namely Brazil, Argentina, and Peru, have shown more awareness and insight into DDoS mitigation and prevention.
With an increase in IoT devices worldwide, the number of hackers and attackers has also increased. The exploitation and illegitimate use of IoT devices have also increased over time. Weak network infrastructures and weak integration of security services into the system cause a rise in malicious attacks. The newly introduced technology, 5G, is expected to surge in DDoS attacks shortly as it contains security holes.
Money exploitation and ransomware attacks, along with cybercrime, are increasing exponentially. Covid-19 has rebirthed these attacks as the workload was shifted to online systems, facilitating the attackers to exploit the situation in 2020.
Cybercriminals are taking undue advantage of the pandemic. DDoS mitigation providers reported a higher number of DDoS attacks in 2020, an estimated increase of nearly 500% since the start of the COVID-19 pandemic.
As reported by Cybersecurity Ventures, the costs due to cybercrime, including all forms of harmful attacks, will grow by 15% annually and reach USD 10.5 trillion by 2025.
Efficient and intelligent DDoS attacks put low-security systems in trouble. As artificial intelligence is expected to replace the workforce in the future, AI-based DDoS will increase. AI and ML are exploited to design effective and intelligent DDoS attacks resistant to mitigation and prevention techniques.
The trend of online jobs is also lifting its head due to the lockdown caused by the global pandemic. Many profit and non-profit organisations use systems that depend on VPNs to secure their networks and increase the work-from-home opportunities for employees, making them the pivot of malicious attacks.
The region also accounts for a significant number of DDoS attacks, which are likely to increase across multiple end-user industries, driving the demand for DDoS protection solutions. According to the White House Council of Economic Advisers, the U.S. economy loses approximately USD 57 billion to USD 109 billion per year to harmful cyber activity. The U.S. government has also signed a law to establish a Cybersecurity and Infrastructure Security Agency (CISA).
The North American region is home to sizeable DDoS attacks, which drive the demand for DDoS protection solutions. The intense competition among the vendors has excited them to provide better mitigation services. In 2020, North America will generate approximately USD 1.5 billion in revenue.
The DDoS mitigation and prevention providers are classified into four categories: scrubbing centers, i.e., centralised data cleansing stations that analyse the traffic to filter the malicious traffic from it; content delivery networks (CDNs) that mitigate the physical distance between server and user to mitigate the delays in loading a web page; CSPs; and hosting providers.
Cloud adoption also increases DDoS attacks. A hybrid cloud unifies the public and private cloud to create an infrastructure for cloud computing, but it leads to data loss, account hacking, data leakage, service hijacking, and insecure APIs. It will increase the demand for DDoS prevention and mitigation services.
Straits Research has an annual publication on the Global DDoS Protection and Mitigation Market which provides an in-depth analysis of the market both in qualitative and quantitative terms. Various opportunities for existing and new players are mentioned in the report. You may proceed to enquire about this market report below.
Husain is a Director in Straits Research. He has been helping Enterprise Tech companies with GTM strategies and audience building for more than a decade. Being an active leader in the domain registry and web hosting space, he leverages his wide reach and network in helping companies to navigate through digital challenges and mitigate cyber risks through consulting.