Denial of Service

2023

Please provide the information below to view the online Verizon Data Breach Investigations Report.

Submit View only

Thank you.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Thank you.

You may now close this message and continue to your article.

Summary

As Denial of Service continues to dominate our incidents, so do the capabilities of mitigation services. However, there has been a resurgence of low volume attacks that still cause issues to corporations.

What is the same?

Denial of Service attacks continue to be ubiquitous and have remained in the top spot of incidents for several years now.

Frequency		6,248 incidents, 4 with confirmed data disclosure
Threat actors		External (100%) (incidents)

We will not be denied.

As the name would imply, the Denial of Service pattern covers all of those attacks that try to keep you from streaming your next episode of “Below Deck,” watching your next TikTok movie or loading your timeline on Twitter.⁴³ Sadly, all of this can obviously add up to the nuisance of having to acknowledge the real world and the people around us. We can all agree that would be terrible indeed.

However, as some of our readers may know, organizations still actually need the internet to be up and running in order to conduct business. Every year, DoS shows up as a huge volume of Incidents in our datasets, stemming from several different mitigation service partners, including Verizon’s own. They are all doing an excellent job in preventing those Incidents from having any significant impact on organizations. In that light, even though the Denial of Service pattern has consistently taken the top spot in Incidents for the last several years (Figure 44), there is really not a lot of nuance to be discussed here, apart from our usual suggestion to invest in some sort of mitigation service if you care about the continued availability of your network presence on the internet. This is not due to a lack of nuance in the DDoS dataset overall but more a reflection of a lack of the typical details that we traditionally analyze such as Actors, Assets and Attributes.

Even so, it didn’t feel right to deny our readers a Denial of Service section, as there are still important trends and information that are necessary to be reviewed. It’s important to realize they’re still there, even if you can easily solve them. Also, it is a respite to not have to write about Ransomware for a couple of pages.

We are going to need a bigger pipe.

One important point we should touch on is the growth of median and above median percentiles in bits per second of DDoS attacks (see Figure 45).⁴⁴ The median grew a whopping 57%⁴⁵ from 1.4 gigabytes per second (Gbps) last year to 2.2 Gbps now, and the 97.5 percentile grew 25% from 99 Gbps to 124 Gbps. This is to be expected as costs of bandwidth and CPU processing become more accessible and available and suggests a trend that is hard to break on escalating competition between the attackers and mitigating services. Just make sure your contracted service can clear that bar, and most of the impact will likely be absorbed. Let the machines fight it out Transformers-style and crack open a cold beverage while you worry about all the other attack patterns afflicting your corporation.

Even as the volume of garbage in our networks grows, some attacks have a more subtle touch. A point of attention that some of our partners brought to us was the growth of distributed DNS Water Torture⁴⁶ attacks in, you guessed it, shared DNS infrastructure. It is basically a resource exhaustion attack done by querying random name prefixes on the DNS cache server so it always misses and forwards it to the authoritative server. It is quite silly when you think of it, but it can be a heavy burden with some simple coordination by the threat actors’-controlled devices. Make sure to check on your DNS infrastructure resiliency and check for options with your mitigation service as well to make sure you are protected against these attacks too.