Preventing and recovering from the next distributed denial of service (DDoS) attack is likely to be top of mind for many IT teams: DDoS attacks continue to be the most common attack type among the security incidents in Verizon's long-running Data Breach Investigations Report (DBIR). With the right incident response and DDoS mitigation in place, your organization can weather the worst of the incoming storm and bounce back with minimal financial and reputational impact. Here's how to recover from a DDoS attack.
As organizations migrate more services to the cloud, they inevitably become more exposed to online interruptions. Launching attacks to exploit this fact has never been easier, as data from the 2022 DBIR shows.
There were 8,456 DDoS incidents recorded by the DBIR in 2022, with 6,248 incidents recorded in the 2023 DBIR, spread across a range of industries, including information services, retail, manufacturing, government and professional services.
According to Info-Security Magazine, there was a 74% year-over-year increase in the number of DDoS attacks in 2022. This is partly attributed to the rise of botnets and to hacktivists developing tools for politically motivated actions that were eventually adopted by for-profit criminals.
Botnets of compromised machines are typically rented out on the cyber crime underground to overwhelm targeted systems with traffic to take down business-critical services. Botnets can be rented out "as a service" for as little as $5 an hour. However, the impact on victim organizations can be many times greater. The average cost of an attack in the U.S. is estimated at $218,000, not including any potential ransom demands. Alongside the prospect of lost sales and staff productivity, the victim organization may face customer churn, long-term reputational damage and diminished competitive advantage as it works to recover from a DDoS attack.
And attacks are getting bigger. The median DDoS from 2013 clocked in at just 422 Mbps, according to the DBIR. Three years later it had reached 1.1 Gbps; it had risen again to 1.3 Gbps by 2022 and to 2.2 Gbps in 2023. The report speculates that malicious campaigns are increasingly built on "more formalized and repeatable" infrastructure, potentially making it more challenging to stop a DDoS attack.
While attack infrastructure is becoming more professionalized, so are responses. With a calm head and a measured, data-driven approach, IT leaders should be able to ride out and then rapidly recover from a DDoS attack—even if it comes with no warning.
During the attack, ensure that you:
Following an attack, there will likely be tremendous pressure to get services back up and running as normal. That means reconnecting network devices in an orderly way to avoid overloading the system and ensuring customer connections are brought back online without creating another unintentional DDoS. But if you want to know how to recover from a DDoS attack the next time, it's also important to answer some key questions to properly assess the damage and identify and resolve any gaps in protection.
Among these questions are:
Based on the answers to these questions, it may be time to upgrade or replace your security service so it's better able to stop a DDoS attack. DDoS Shield is a global, cloud-based DDoS attack detection and mitigation service designed to handle even the largest and most sophisticated attacks.
It works by redirecting inbound traffic to "scrubbing centers," returning only clean traffic to the network to ensure critical applications and services remain operational. Your organization could benefit from a service that's:
Find out more about how Verizon's DDoS Shield can help you mitigate the effects of unexpected and unpredictable DDoS attacks.
The author of this content is a paid contributor for Verizon.