Report: Fueled by IoT devices, DDoS attacks rising in size, frequency

Distributed Denial of Service attacks, the most basic kind of cyber assault, have increased in size and frequency this year, fueled in part by the growing number of web-connected devices in the Internet of Things, a report said Tuesday.

Distributed Denial of Service attacks have increased in size and frequency this year, fueled in part by the growing number of web-connected devices in the Internet of Things, a report said Tuesday.

Arbor Networks predicts the average size of attacks, which rose by 30 percent in the first half of 2016, will be large enough by year’s end to take most organizations completely offline.

Using anonymized web traffic data from 339 internet service providers, the Burlington, Mass.-based company found not only that the size of the average attack was rising, but the size of the largest attack was up 73 percent.

In 2014, the largest attack Arbor monitored was throwing 325 gigabits per second, or Gbps, of bogus data at the targeted system. Last year that rose to 334 Gbps, and this year, so far, the largest monitored attack was 579 Gbps.


Peak DDoS attack size since January 2015 in gigabits per second. Source: Arbor Networks

DDoS attacks work by bombarding the target with bogus data and rendering the targeted site unreachable, making it impossible for real web browsers to get through — so the rate of traffic generated is an important metric in judging DDoS efficacy.

Arbor says a one Gbps attack “is large enough to take most organizations completely offline.” In the first six months of 2016, average attack size was up 30 percent to 986 megabits per second. Arbor predicts the average attack will be 1.15 Gbps by the end of 2016.

The rising size of attacks is driven, at least in part, by the explosive growth in the Internet of Things. Since many IoT devices connected to the web can generate traffic and are poorly secured, sometimes using default passwords which can be easily defeated.

Other factors include “the ready availability of free tools and inexpensive online services that allow anyone with a grievance and an internet connection to launch an attack,” the report states. “This has led to an increase in the frequency, size and complexity of attacks in recent years.”


Researchers in Arbor’s Security Engineering and Response Team gave the Lizard Stresser as an example — a DDoS attack tool the notorious Lizard Squad hackers released last year.

By recruiting IoT devices into botnets — networks of compromised computers controlled by hackers — Lizard Stresser was able to launch attacks as large as 400 Gbps.


Arbor ATLAS digital attack map for July 19. Source: Arbor Networks

Arbor collects DDoS attack data in real time through its Active Threat Level Analysis System — ATLAS. With the help of Google Ideas, ATLAS data is used to generate a digital attack map showing the geographic location of attacks from minute to minute.

The U.S., Korea and China remain the top 3 target countries, says Tuesday’s report; while the U.S., France and Britain are the top targets for larger attacks — those over 10Gbps.

Shaun Waterman

Written by Shaun Waterman

Contact the reporter on this story via email, or follow him on Twitter @WatermanReports. Subscribe to CyberScoop to get all the cybersecurity news you need in your inbox every day at

Latest Podcasts