Large organizations continue to fortify their defenses, so attackers might begin targeting SMBs.

Edward Gately, Senior News Editor

February 13, 2023

4 Min Read

A new Lumen Technologies report shows the increasing complexity of distributed denial of service (DDoS) attacks with a continuing increase in attacks anticipated in 2023.

The Lumen report details DDoS activity from the fourth quarter and all of 2022. It includes 2023 predictions, a DDoS cost breakdown, and fourth-quarter and full-year data from the Lumen DDoS mitigation service.

Mark Dehus is director of threat intelligence for Lumen Black Lotus Labs, the threat research arm of Lumen.


Lumen’s Mark Dehus

“DDoS, much like other areas of information security, continues to be an ongoing battle between defenders who work to stop malicious volumetric traffic and the threat actors who work to generate it,” he said. “There are two factors that lead us to suspect a continued increase in DDoS attacks in 2023. There were several notable, very large attacks mitigated in the past two years. [And] threat actors increased the number of vectors they can use to launch attacks, such as the fraudulent acquisition of cloud-based services we saw in 2022.”

Lumen Tracks Rise in ‘Hit and Run’ DDoS Attacks

During the fourth quarter, nearly 90% of all DDoS attacks in were potentially “hit and run” style, according to Lumen. These attacks last 30 minutes or less. And threat actors frequently use them to probe a target’s defenses before launching a larger, sustained attack.

Domain name system (DNS) is an essential service, and the number of DNS amplification attacks increased 73% quarter over quarter.

Lumen mitigated 22% more DDoS attacks in 2022 than in 2021. The largest attack Lumen mitigated in 2022 was 1.06 terabits per second. It occurred during the second quarter and was also the largest DDoS attack Lumen has mitigated to date.

“The amount of damage by hit-and-run attacks can vary,” Dehus said. “We’ve found they can be an indicator of a threat actor probing defenses. Or they can be used to assess the scale of an attack that would be necessary to successfully disrupt the targeted service.”

Four smaller attacks preceded the 1.06 terabits per second attack Lumen mitigated.

“In addition, these types of attacks can cause the service to appear unreliable without gaining a significant amount of attention or requiring a lot of investment in resources by the attacker,” Dehus said.

Lumen Anticipates New DDoS Attack Methods in 2023

Cybercriminals and defenders are constantly maneuvering to stay one step ahead. In 2022, attackers began leveraging cloud-based, virtual services in ways never seen before, according to Lumen. it anticipates similar new attack methods in 2023.

The Lumen report also includes a breakdown of the potential cost of a DDoS attack. The estimate is based on data entered into Lumen’s online DDoS impact calculator. Several factors influence the cost, so researchers developed a generic use case based on the following assumptions:

  • The simulated victim is a software and technology company with $2 billion in annual revenue.

  • Online motions account for $500 million of total revenue.

  • The company has a small IT team with two employees dedicated to fixing security issues.

  • On average, security-related incidents generate 25 customer support calls per hour.

This organization is expected to be targeted with 13 DDoS attacks per year resulting in 19 hours of downtime per attack at a cost of nearly $21 million.

SMBs Need to Increase Defenses

Large organizations continue to fortify their defenses, so attackers might begin targeting SMBs. These organizations typically have fewer cyber defenses. However, they still have critical data and applications that could attract criminals.

“Of course, SMBs should ensure they have a comprehensive security strategy that covers DDoS mitigation,” Dehus said. “In addition, they should protect commonly exposed surfaces that threat actors can exploit to directly impact the SMB itself, or to wage attacks against others. Exposing common services to the wider public internet may seem like it can make IT operations easier. But doing so poses significant risk of harm to both the SMB and the wider internet ecosystem. SMBs should be mindful of the services they expose publicly and limit as much as practically possible.”

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like