Evolving DDoS Attack Tactics Targeting Small Businesses: What You Need to Know

Cybersecurity Threat Report Data From Comcast Business Report.

The rise of DDoS (Distributed Denial of Service) attacks is old news. But now, these attacks are becoming more dangerous, targeted and detrimental to small businesses. As DDoS attacks become more sophisticated, bad actors can home in on the most vulnerable targets, which are often small businesses.

The 2023 Comcast Business Cybersecurity Threat Report finds that DDoS attacks are still significant cybersecurity threats. Out of 23.5 billion overall cybersecurity attacks detected last year, the report found a staggering 210 million attempts to use DDoS attacks to affect business operations by shutting down critical application servers and network resources.

In short, DDoS attacks are here to stay. Knowing how their tactics are changing and how to take action to defend against them will help small businesses keep their operations secure and running smoothly.

Ease of executing DDoS attacks

Last year saw a continuing evolution of sophisticated DDoS activities, with greater concentrations in certain industries, along with changes in the manner of attacks. While certain industries are at higher risk, all sectors remain vulnerable.

As they’ve evolved, these attacks have remained prevalent for several reasons. First, they’re quick and sudden. Short-burst attacks under 10 minutes long were the most common in 2022.  Multiple short-duration attacks can exhaust a small business’ IT resources because new ones can start while the organization is still dealing with the previous one. What’s more, short-duration attacks are much harder to detect, especially if organizations try using firewall rate-limiting policies to stop them, rather than carrier-grade services. While IT remains in an endless loop of dealing with multiple attacks, adversaries can use the distraction as a smokescreen to execute more insidious attacks elsewhere.

DDoS attacks are also incredibly easy and cheap to create, making them a popular choice among cyberattackers. Tools like botnets can be bought or rented online to carry out DDoS attacks for low prices. The cost of a 100 Gbps attack on the dark web is around $20. And, carrying out a DDoS attack today requires little to no technical knowledge, unlike a few years ago when determined attackers needed to assemble their own botnets. Now, all the attackers need to know is the target IP address or range of IP addresses they want to attack.

The most targeted and susceptible businesses

All small businesses, regardless of the industry, are targets of DDoS attacks. While it may seem more beneficial to perform cyberattacks on a larger business, small businesses are the ideal candidates for cyberattacks, due to their small size and limited IT capabilities. While no industry is safe, those with unique vulnerabilities like customer information, business records or financial data are at even greater risk.

Education organizations are some of the most targeted verticals for DDoS attacks, accounting for 46% of attacks in 2022. The volume of technology used in schools and free WiFi networks make them attractive targets for DDoS attacks. Computers and tablets are essential for students. As schools continue to integrate these technologies in the classroom, they don’t always account for the risks that can come with them. If the internet goes down at a school, most of the work stops. Today, grading, projects, homework and exams are all hosted in Software-as-a-Service (SaaS) applications in schools everywhere. With so much work and data hosted in one place, an attack can have a devastating impact.

Another highly targeted vertical industry is the IT and Technical Services sector, which accounted for 25% of attacks in 2022. This industry offers a variety of potential vectors hackers can exploit – with attackers’ main goal being to look for sensitive information or to gain access to end users. While the IT professionals who work to resolve attacks for their customers are on the front lines, their own operations are left susceptible to attack – especially for small businesses.

DDoS attacks against finance and healthcare businesses are common, as well, and accounted for 14% and 13% of attacks in 2022, respectively. Healthcare and finance businesses are often targets for attacks due to the sensitive and valuable information they handle, including personal identification details, medical records and financial transactions. This data represents a lucrative opportunity for exploitation, from selling it on the dark web r using it for fraudulent activities.

Act now! Bolster your defenses for the future

Mitigating DDoS attacks requires a multifaceted approach. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) recommends working with your Internet Service Provider (ISP) to defend against DDoS attacks. That’s because even if you set up your own firewall protections to control incoming network traffic during DDoS attacks, only your ISP can effectively solve data overflow issues coming from the wider internet into your network. 

To help safeguard small business networks, the first step is to learn how to spot a threat. While working with a DDoS mitigation service provider, small businesses can learn to monitor traffic for a set of IP addresses that may indicate suspicious and/or malicious traffic.

Ensuring that this malicious traffic is blocked at the entry point to a network is vital. For further protection, small businesses can consider using comprehensive monitoring solutions and controls that can provide real-time reporting and alerts. By learning about the makeup and characteristics of each DDoS attack, small businesses can proactively adapt their defenses, effectively mitigate future threats, and configure notification alerts.

If an attack does get past a small business’ line of defense, network traffic can be dropped or limited as malicious traffic at the network’s edge, giving businesses time to act and set up a diversion. Once a threat is detected, service providers can divert traffic to distributed scrubbing centers capable of driving the malicious traffic away from the targeted infrastructure.

The final step would be the delivery of clean, legitimate traffic back to a business’s network via a secure tunnel. And because an experienced provider led the process, internet downtime is exponentially reduced.

Small businesses of all industries are at risk for DDoS attacks, especially as they continue to evolve. Staying informed of the growing vulnerability landscape and sophisticated tactics hackers use is crucial to not only defending against them but saving time and resources in the long run.

Click here for a copy of the full 2023 Comcast Business Cybersecurity Threat Report.  

Comcast Business has created a free online community focused solely on connectivity and technology issues, ranging from network management to cybersecurity. The site is located at: https://business.comcast.com/community.

We think you may also like…