The Most Dangerous Season: Timing and Frequency of Multi-vector Attacks
During RSA Conference 2016, Neustar will preview some findings from our upcoming Security Operations Center (SOC) Report. The report chronicles attacks that the Neustar SOC team spotted and mitigated in 2015. As part of a three-part series covering different aspects of the SOC findings, this blog post discusses the timing and frequency of multi-vector attacks, a troubling trend on the rise.
The timing of an attack is perhaps the most strategic item that goes into a plan. In the same vein that few robbers would hit a bank in the morning, cyber attackers are also methodically plotting when and which times are the most lucrative to strike.
Multi-vector attacks (as we profiled yesterday) are growing in usage, and represent stubborn persistence on behalf of the attacker to infiltrate network systems. This attack trend, coupled with the sheer peak size is a recipe for headaches.
The Neustar SOC found four months to be the most frequent for multi-vector attacks:
- 14.34 percent of attacks occurred in December, with a peak size of 122.88 Gbps
- 12.75 percent of attacks occurred in October, with a peak size of 13.31 Gbps
- 10.76 percent of attacks took place in November, with a peak size of 34.3 Gbps
- July and September tied for fourth with 9.56 percent of attacks taking place within the two months; their peak sizes were 177.87, and 31.03 Gbps, respectively
Unsurprisingly, Q4 accounted for almost half (47 percent) of the multi-vector attacks for the year. With the online holiday shopping period as a ripe opportunity for a well-placed DDoS attack, criminals took note and responded with some of their most vicious attacks.
Although there is never a good time for companies to let their guard down, the stakes are especially high when it comes to Q4.