On June 27th, 2022, Edgio stopped a huge 355.14 Mpps (million packets per second) DDoS (Distributed Denial of Service) attack that targeted a major customer. The size of this attack places it at 44% of the largest DDoS attacks publicly disclosed. Another massive attack was mitigated just a couple of weeks prior.
Gartner has estimated the cost of downtime from DDoS attacks to be $300,000 per hour, but this doesn’t include the cost to brand equity. Edgio’s own App Security Benchmark research concluded that a successful application attack costs, on average, $4.42 million per incident. Yet beyond the financial impact, a customer’s trust in a brand is what is truly at stake in these cyber attacks. CIO Insight reported that 31% of consumers stopped doing business with a company due to a security breach; a significant number of these said they had lost trust in the brand.
As recently as September 2022, the Japanese government was targeted by an organized cyber-criminal group called Killnet. Killnet planned a sustained DDoS attack that eventually overcame the government’s cyber defenses. Yet, the Japanese government was protected by one of the most recognized names in web security. Then, earlier this month, on U.S. soil, Killnet perpetrated a DDoS attack targeting major airports, including Los Angeles International, Chicago O’Hare, and Hartsfield-Jackson International in Atlanta, among others.
Autopsy of a Killnet attack
Edgio’s analysis of the Killnet attacks* shows its modus operandi is to employ a variety of DDoS techniques, including combining application attacks with volumetric network attacks. It deploys these in waves of attack that also target a company’s origin.
- Wave 1: High frequency of (SYN, UDP, and ACK) amplification attacks along with DNS amplification and IP fragmentation attacks.
- Wave 2: IP fragmentation attacks followed by more high-frequency attacks.
- Wave 3: Ongoing volumetric attacks and state exhaustion.
- Wave n.
*Based on Edgio research and information from Killnet attacks in Italy. Edgio is not connected to the Italian or Japanese incidents.
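As an added illustration (not Edgio's code and not part of the original article), the sketch below shows how sampled packet headers can be sorted into the vectors named in the wave list and how a window with several vectors above threshold is surfaced. The record fields, sampling rate, thresholds, and vector labels are all assumptions chosen for the example.

```python
from collections import Counter, defaultdict

SAMPLE_RATE = 1000      # assumption: 1 in 1000 packets is sampled
PPS_THRESHOLD = 50_000  # assumption: per-vector alert level, in estimated pps
DNS_AMP_MIN_LEN = 512   # assumption: large UDP/53 responses are reflections
SYN, ACK = 0x02, 0x10   # TCP flag bits

def classify(pkt):
    """Map one sampled packet header to a vector named in the wave list."""
    if pkt["frag_off"] > 0 or pkt["mf"]:
        return "ip_fragmentation"
    if pkt["proto"] == "udp":
        if pkt["sport"] == 53 and pkt["length"] >= DNS_AMP_MIN_LEN:
            return "dns_amplification"
        return "udp_flood"
    if pkt["proto"] == "tcp" and pkt["flags"] == SYN:
        return "syn_flood"
    if pkt["proto"] == "tcp" and pkt["flags"] == ACK:
        return "ack_flood"  # bare ACKs are normal in small numbers; rate decides
    return "other"

def detect_waves(samples):
    """Return {second: vectors whose estimated pps reaches the threshold}."""
    per_second = defaultdict(Counter)
    for pkt in samples:
        per_second[int(pkt["ts"])][classify(pkt)] += 1
    alerts = {}
    for sec, counts in sorted(per_second.items()):
        # Scale sampled counts back up to an estimated packets-per-second rate.
        hot = sorted(v for v, n in counts.items()
                     if v != "other" and n * SAMPLE_RATE >= PPS_THRESHOLD)
        if hot:
            alerts[sec] = hot
    return alerts

def make(ts, n, **hdr):
    base = {"proto": "tcp", "flags": 0, "sport": 40000,
            "length": 60, "frag_off": 0, "mf": False}
    return [{**base, "ts": ts, **hdr} for _ in range(n)]

SAMPLES = (  # constructed samples, not captured traffic
    make(0.2, 80, flags=SYN)
    + make(0.5, 70, proto="udp", sport=53, length=1400)
    + make(0.7, 10, flags=ACK | 0x08)                  # ordinary PSH/ACK
    + make(1.1, 90, proto="udp", sport=53, mf=True)    # fragmented datagrams
    + make(1.4, 60, flags=ACK)
    + make(2.3, 20, proto="udp", sport=123)            # below threshold
)

print(detect_waves(SAMPLES))
```

Seconds 0 and 1 each report two vectors at once, which is the multi-vector pattern the wave list describes; second 2 stays below the threshold and raises nothing.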
Edgio Applications Security solution
As online attacks increase in size, frequency and sophistication, businesses are seeking holistic security solutions to help detect and streamline resolution. This diagram of Edgio’s Applications Security shows the attack vectors that DDoS attacks follow to try to disrupt businesses and websites.
How common are DDoS attacks?
DDoS attacks are here to stay. In fact, according to the 2022 Verizon DBIR (Data Breach Investigations Report), the #1 security threat is a DDoS attack (46% of attacks) – and it’s growing every year. The #1 targets are web applications and servers (56% of attacks), with DBIR highlighting web apps that remain unpatched and legacy apps that are older than four years as being the most affected.
Why are businesses still susceptible to DDoS attacks?
Companies remain vulnerable because they don’t protect all of their network against DDoS attacks. As attacks target both the network and application layers, organizations must protect against several attack vectors. According to the Verizon DBIR, the second leading breach pattern is a basic web application attack, so businesses will also benefit from a WAF solution. Once you deploy a WAF, your defenses improve significantly. Edgio’s App Security Benchmark Report notes that businesses are able to detect and contain a breach 77 days faster, on average.
As network architectures have evolved, so have DDoS attacks, exposing websites and networks to vulnerabilities, including the critical applications and processes dependent on those networks. One vital part of an IT network that needs protection – and gets overlooked – is your origin. The origin server is where the original web page is stored. One job of Edgio’s CDN is to store, or cache, copies of the web pages on its edge servers that are located a short distance from the web app user. These Edgio global edge servers enable businesses to deliver lightning-fast performance to website and app users. Edgio’s CDN hides the origin IP address, but devious cyber criminals, like Killnet, find and attack this chink in the armor. Deploying Edgio’s Applications Security and DDoS scrubbing solution is recommended to protect and mitigate against direct-to-origin DDoS attacks. DDoS scrubbing identifies bad traffic and redirects it away from critical systems. This combination of defenses provides businesses with a full spectrum, holistic cyber security strategy and means attacks never reach their infrastructure, applications, and internet-facing websites.
How can businesses mitigate DDoS attacks?
Even though the threat landscape continues to evolve, there are still several things you can do to protect your business and brand from DDoS attacks:
- Adopt a scalable, holistic security platform, like Edgio’s Applications Security.
- Protect your network, applications, and origin using an edge-based DDoS protection solution.
- Thwart direct-to-origin attacks with a DDoS scrubbing solution.
- Consider a 24 x 7 SOC to improve your business’s security responsiveness.
Key Edgio security advantages
Edgio is one of very few players providing edge-enabled holistic security solutions. Our customers know Edgio’s layer 3, 4, and 7 DDoS protection defends their business’s infrastructure, applications and brand 24 x 7. We say holistic security because our edge security platform provides comprehensive protection across the network and infrastructure, web applications and APIs, including bot management. In addition, Edgio’s managed security services (threat analysis and managed SOC) and analytics (analytic dashboard, real-time logs and SIEM integration) enable businesses to identify threats and act faster than ever.
- Edgio’s 250 Tbps of bandwidth capacity is one of the largest global edge networks.
- Edgio is one of the only edge platforms to provide a fully comprehensive network and application DDoS protection. Edgio mitigates DDoS attacks against thousands of client web applications daily.
- Edgio’s automated DDoS Mitigation works 24 x 7 x 365. Edgio’s Stonefish analyzes samples of all packets traversing our network, scoring them for threats and taking action when necessary.
- Edgio’s managed security team and 24 x 7 SOC mitigate threats so successfully that many customers are unaware they are under attack.
Contact Edgio today to learn more about how our security solutions can reduce vulnerabilities and defend your business against increasingly prevalent DDoS attacks.