DDoS Trends & Predictions for 2016

In a recent study, Akamai reported that DDoS attacks are continuing to increase in frequency and duration. This isn’t surprising since a Neustar survey of security professionals showed that DDoS attacks targeted half of U.S.-based companies in 2014 and 2015. DDoS attacks are a growing problem because attackers develop different strategies for attacks and the threat landscape is expanding. As we move into the New Year, there are many predictions for DDoS attacks.


Gartner estimates the number of IoT devices will reach 6.4 billion in 2016, a 30% increase from 2015. Although manufacturers should be using PKI to secure connected devices, the adoption rate is not keeping up with the growing number of connected devices. Any unsecured device is vulnerable to a DDoS attack. IoT devices connect to a network, and just like servers in a botnet, if they’re compromised an attacker could use them to launch a DDoS attack. Two factors make it possible for attackers to utilize IoT devices for DDoS.

One factor is the device operating system. Attackers are less likely to attack a device that runs on a custom-made OS. Rather than wasting time and resources probing a custom-made OS for vulnerabilities, attackers are more likely to target devices that run on a major OS, such as Linux or Windows. Major OS are known quantities, requiring less time to understand and exploit.

The other factor is PKI implementation. If a company encrypts each device with a different cryptographic key, then attackers may have a more difficult time of using the connected device as a means for a DDoS attack. But if a company encrypts each device with the same key, all the attacker would need to do is compromise one key to gain access to all the devices. It is not uncommon for companies to use the one key for all their devices. In a survey of 4,000 devices and 70 vendors, 580 devices shared the same cryptographic key.

Attack Size

Because of the surge of attack size and frequency, media will no doubt feature more and more DDoS attacks in 2016. Like major data breaches, large attacks (5 Gbps and over) tend to receive more media coverage than small attacks (5 Gpbs and under). But small attacks shouldn’t be dismissed in the coming year as Neustar’s CIO and CSO points out:

“In launching such an attack, the attacker accomplishes several things: he disrupts operations, distracts the website and security teams, and makes sure the target network is still operational—that is to say, accessible. Now the attacker can go in and plant malware or a virus, setting the stage for data theft, siphoning funds, or whatever else.

Think about it: why saturate the pipes if you can’t access the network? Doing the reverse lets attackers harass a target and set the stage for exfiltration. In this sense, a so-called smaller attack can be more dangerous than a huge one that knocks you offline but may not result in a data breach.”

Ransom Demands

DDoS attacks cost 41% of businesses at least $100,000 for every hour of downtime. As every hour passes the cost in damages goes up and brand reputation becomes further damaged. In November 2015, attackers targeted ProtonMail with a DDoS attack, taking the email service offline. Feeling pressure from other companies—and no doubt with the burden of damages mounting—ProtonMail paid the ransom demand. Later in a blog post, ProtonMail admitted that paying the ransom was not the right choice, stating they would no longer pay ransom demands in the future. As companies take a stance and don’t give in to ransom demands, these demands may begin to fade.


DDoS attacks are predicted to become more of a problem for businesses in the coming year. To meet those attacks head-on, businesses need to implement strong security protocols for the growing IoT landscape, and consider securing all devices—and not just those that transmit sensitive information.

Posted in Data Security, DDoS, UncategorizedTagged