Lumen forecasts ‘expansion of victim pool’ for DDoS attacks
Cyber criminals have started to use the cloud in their attacks on networks, says Lumen in its latest report on cyber attacks.
Lumen says in its report on distributed denial of service (DDoS) attacks that there is an “expansion of the victim pool”.
Lumen CTO Andrew Dugan said: “In addition to mitigating the largest DDoS attack to-date in 2022, we observed hit-and-run style attacks along with complex campaigns targeting governments, civilian infrastructure and high-profile industries. We expect these trends to continue in 2023, underscoring the need for comprehensive web application and API security solutions.”
There’s also a focus on smaller and mid-size businesses as targets of attack, said Lumen, and cyber criminals are expected to coordinate attacks to coincide with holidays and culturally significant events throughout 2023.
Dugan added: “Companies’ digital interactions with partners and customers are accelerating, and that’s led to both an increase in attacks, and subsequent investments in DDoS- and application layer-protections.”
Lumen said that “large organisations continue to fortify their defences, so we believe attackers might begin targeting small- and mid-size businesses. These organisations typically have fewer cyber defences, but they still have critical data and applications that could attract criminals.”
It warns: “Cybercriminals and defenders are constantly manoeuvring to stay one step ahead. In 2022, attackers began leveraging cloud-based, virtual services in ways never seen before. We anticipate they will look for similar new attack methods in 2023.”
The most popular week for DDoS attacks in both 2021 and 2022 was the one surrounding the 4 July holiday in the US, said the company.
Lumen calculated the cost of a DDoS attack on a software and technology company with a $2 billion turnover and a small IT team with two employees dedicated to fixing security issues.
“On average, security-related incidents generate 25 customer support calls per hour,” it says. But “this organisation is expected to be targeted with 13 DDoS attacks per year resulting in 19 hours of downtime per attack at a cost of nearly $21 million.” That works out as around 1% of turnover.