Mike McNeill’s Diary for Monday, July 11, 2016: Fighting off the DDoS

magnoliareporter.com experienced some technical issues on Friday. Our website is hosted by a service known as TownNews.com , which hosts and provides technical assistance to thousands of media-oriented websites across the country. TownNews.com was hit by a directed denial of service (DDoS) attack on Friday afternoon. This mainly manifested itself by making it difficult for us — and hundreds of other websites — to access our servers and make changes. People may have had difficulty accessing our website during that time. We do not think that our thousands of daily visitors have anything to worry about as TownNews.com technology responded immediately.

That said, it is probably a good thing that we are not president of the United States. To us, hackers present a clear and present danger to the security of the United States, which has our permission to deal with them with extreme prejudice.

North Korea is bent out of shape over the pending deployment by South Korea of the U.S.-made Terminal High Altitude Defense System, or THAAD. THAAD launchers and fire control systems are made in East Camden. North Korea’s military said in a statement that, “There will be physical response measures from us as soon as the location and time that the invasionary tool for U.S. world supremacy, THAAD, will be brought into South Korea are confirmed. It is the unwavering will of our army to deal a ruthless retaliatory strike and turn (the South) into a sea of fire and a pile of ashes the moment we have an order to carry it out.” Ohhhhhhh. We’re scared.

Seriously, how many submarines, cruisers, aircraft carriers, bombers and drones are circling offshore North Korea, ready to unleash hell at any given moment? And that’s just the U.S. military. That sea of fire and pile of ashes looks a lot like future downtown Pyougyang to us.

The Magnolia School District website is having a makeover. We’ll let you know when the site is up and running.

Looking for more widely spread drought conditions when the new report comes out later this week. We’re expecting more abnormally dry conditions in South Arkansas.

Patrick Posey died Saturday at his home near Benton, LA. Posey and his wife, Susan, performed much of the mural restoration work around the square a few years ago.

Some fool vandalized highway signs in the Walkerville area on during the weekend, but the hate speech written on them was cleaned up.

Our new online poll asks for your opinion about the state of race relations in Columbia County – whether they are better, worse or about the same as a decade ago. Another question might be what each of us, as individuals, is doing to make things better.

Five years ago, we reported that Walkerville Cumberland Presbyterian Church was dedicating a new manse. A year ago, we reported that Betsy Production was drilling an oil well on the SAU campus. Vice President Aaron Burr shot and mortally wounded former Treasury Secretary Alexander Hamilton in a duel on this date in 1804. Author E.B. White was born on this date in 1899. George Gershwin died on this date in 1937.

Source: http://www.magnoliareporter.com/news_and_business/mike_mcneills_diary/article_733b45f8-4720-11e6-9e2d-97f7f136ad46.html

WikiLeaks’ website was taken offline with a DDoS attack amid an ongoing hacker feud.

As a long-time feud between rival hacking groups boiled over, the WikiLeaks website was caught in the crossfire and brought offline by a distributed-denial-of-service (DDoS) attack on 5 June. However, rather than react with anger, leaked chat logs show how WikiLeaks’ Twitter account engaged the group responsible, called OurMine, and even offered hacking tips for the future.

Direct messages leaked to Buzzfeed show how WikiLeaks’ account, rumoured to be helmed by the website’s founder Julian Assange, told the group – which has become known for hacking the online profiles of high-profile figures – their talents could be put to better use.

OurMine has recently hacked a slew of celebrities and technology executives including Facebook’s Mark Zuckerberg, Google’s Sundar Pichai and Spotify founder Daniel Ek.

Every time, they leave a message telling the victim how weak their security is and leave a link to their website. Indeed the group claims to be a security firm rather than a hacking outfit.

In any case, as far as ‘hacks’ go, OurMine’s activity is fairly tame. Until WikiLeaks’ website was taken down – thanks to an ongoing head-to-head with the Anonymous collective – there was little real damage caused to victims other than embarrassment.

The DDoS attack took down the famous whistleblowing website by sending waves of traffic towards its servers, a common tactic used in hacktivist circles as a means of protest. After the incident, WikiLeaks got in touch and said the group was wasting its time by not making the most of the chances received by infiltrating profiles of the rich and famous.

“If you support us and want to show you’re skills, then don’t waste your time with DDoS etc,” the account wrote. “Find us interesting mail spools or docs and send them to [WikiLeaks]. That’ll have a much greater impact.”

After OurMine replied with “We never change their passwords we are just testing their accounts’ security” WikiLeaks said it was a “huge waste.”

The message continued: “There’s a lot more than (sic) could have been done with those accounts. Sending DM’s as Zuckerberg to further access elsewhere. Same with Google CEO. You could have used these accounts to gain access to much more significant information, revealing corrupt behaviour elsewhere.” Based on the chats, OurMine appeared to agree with the new direction. “Great idea,” it said.

One the hackers, speaking with Wired, previously said: “We don’t need money, but we are selling security services because there is a lot [of] people [who] want to check their security. We are not blackhat hackers, we are just a security group…we are just trying to tell people that nobody is safe.”

Source: http://www.ibtimes.co.uk/wikileaks-tells-ourmine-hackers-impersonate-high-profile-victims-reveal-corrupt-behaviour-1569499

Ransom driven DDoS attacks gaining popularity

Out of 100 IT security professionals attending the Infosecurity Europe conference in London, 80 believe their organisation will be a target of a DDoS attack within the next 12 months, new reports said.

The report was published by Corero Networks Security.

Besides ransomware, in which hackers place malicious code onto a victim’s computer, encrypting all data only to ask for ransom in exchange for the decryption key, DDoS extortions are also growing in popularity.

DDoS extortions work slightly different – businesses are threatened with DDoS unless they pay up to five bitcoins, or approximately £1,500. If they don’t comply, they’re risking a DDoS attack which can result in much higher financial losses.

Almost half (43 per cent) of respondents said it was possible their organisation would actually pay a ransom demand.

“Extortion is one of the oldest tricks in the criminal’s book, and one of the easiest ways for today’s hackers to turn a profit,” comments Dave Larson, COO at Corero Network Security.

 “When your website is taken offline, it can cost businesses over £5,000 a minute in lost revenue, so it’s understandable why some choose to pay the ransom. But this is a dangerous game, because just a few willing participants encourage these threats to spread like wildfire. Rather than trying to negotiate with criminals, the only way to beat these attacks is to have a robust, real-time DDoS mitigation system in place, which can defend against attacks and prevent downtime.”

“Like old cousins, ransom demands and DDoS are always being used together in inventive new ways to extract money from victims. For example, low-level, sub-saturating DDoS attacks are usually used as a precursor to ransomware attacks.  Because they are so short – typically less than five minutes in duration – they are usually not detected by security teams and allow hackers to find pathways and test for vulnerabilities within a network which can later be exploited through other techniques.”
Source: http://www.itproportal.com/2016/07/06/ransom-driven-ddos-attacks-gaining-popularity/

A NEW CCTV NIGHTMARE: BOTNETS AND DDOS ATTACKS

Botnets and DDoS Attacks

There’s just so much that seems as though it could go wrong with closed-circuit television cameras, a.k.a. video surveillance. With an ever-increasing number of digital eyes on the average person at all times, people can hardly be blamed for feeling like they’re one misfortune away from joining the ranks of Don’t Tase Me, Bro, esteemed internet celebrity.

However, if you think viral infamy is your worst-case scenario when it comes to CCTV, think again. Keep reading to find out why CCTV cameras and other internet-connected items are open to being hijacked by hackers looking to do DDoS damage, and about the bizarre case of the CCTV botnet located at a mall five minutes from a professional DDoS mitigation service.

The internet of issues with the Internet of Things

CCTV cameras belong to the Internet of Things (IOT), a grouping of, well, things that are linked through both wired and wireless networks, often using the same internet protocol as the internet. They’re embedded with network connectivity, electronics, sensors and software that allow them to collect data and exchange data. Pacemakers, smart thermostats and microchips in animals are all examples of the items that make up the Internet of Things.

The Internet of Things is actually very cool. It minimizes the gap between the physical world and computer-based systems. It’s what allows you to turn on your smart washing machine from the office, or lock your front door from the train. Here’s the issue with the Internet of Things, though. Your laptop is connected to the internet, so you’ve secured it. Same for your phone, tablet, probably your router, and any other number of internet-connected devices you use on a daily basis. You wouldn’t leave those open to exploitation, allowing just anyone to hijack and control them.

The Internet of Things is designed to be remotely controlled across network infrastructure. Read that again. These items are designed to be remotely controlled. And yet, how many of those cow microchips do you think are secured? How many smart TVs? How many of the 245 million surveillance camerasthat are installed worldwide? (And that’s only counting the professionally installed surveillance cameras. Imagine how many do-it-yourself cameras are out there with even less security.)

Hijacking horror stories

You’ve probably already read about the downside of the Internet of Things, you just may not have realized it. One of the most high-profile instances of this is the recent stories about baby monitors being hacked, with grown men screaming at babies in the dead of the night.

As you can imagine, the potential for foul play with the Internet of Things is extensive. This is what’s led to the creation of CCTV botnets, which have been behind a number of DDoS attacks. By gaining control of internet-connected devices, attackers are able to direct those resources at a target website or other internet service, overwhelming it with malicious traffic and either driving it offline, or slowing it down enough to be unusable for legitimate users.

The consequences of a DDoS attack are many and dire. Not only will a website that’s not working drive users away and erode consumer trust, but a DDoS attack can also cause hardware damage, software damage, and can act as a smokescreen while attackers steal intellectual property, customer information, and financial data. And in terms of dollars and cents, an unmitigated DDoS attack can cost an organization a staggering $40,000 per hour.

From a virtual battlefield to a physical one

CCTV botnets weren’t anything new to professional DDoS mitigation providers Imperva Incapsula. In fact, they first publicly warned about them in March of 2014 when a steep increase in botnet activity largely traced back to CCTV cameras.

However, it was a slightly different ballgame when Imperva Incapsula began to mitigate repeated HTTP flood attacks on one of their clients. The DDoS attack itself was nothing special – peaking at 20,000 requests per second, no big deal for professional DDoS mitigation – however when Imperva Incapsula began looking through the attacking IPs, they discovered something curious. Some of the botnet devices were located right near their office.

Bot-CCTV

Geo-location of CCTV Botnet devices (Source: Imperva Incapsula)

Further detective work revealed that the botnet devices in question were CCTV cameras that were accessible to attackers through the devices’ default login credentials. Imperva Incapsula employees took a look through the camera lens and recognized a mall not five minutes from their offices. In a stark departure from a normal day spent fighting the evils of the internet, employees were able to head over to the mall and explain to the camera owners in-person what had happened, why it happened, and help them clean the malware from their cameras.

Lessons that need to be learned

What you need to learn from these Internet of Things incidents is two-fold. Firstly, if you have internet-connected devices like smart TVs, washing machines, thermostats, precision farming equipment, anything, they need to be secured. Even if you for some reason did not care if your devices were being used in a botnet to carry out DDoS attacks, rest assured that if attackers can hijack your devices for DDoS attacks, they can take control of them for other reasons. This is an especially frightening thought when it comes to nanny cams and other monitoring devices in your home.

The second lesson that needs to be learned in all of this is for website owners. The Internet of Things is already massive and it’s estimated by Gartner that by the year 2020, it will be comprised of over 25 billion devices. That is billions of devices that could potentially be used in DDoS attacks against websites just like yours.

Professional DDoS protection is already a necessity, and it’s only going to continue to become a bigger necessity. Professional DDoS mitigation services may not be able to protect you from the prying eyes of a CCTV camera during your most embarrassing moments, but they can protect your website, your users, your equipment, your intellectual property, and your finances from CCTV and other Internet of Things botnets.

By Naomi Webb

Source: http://cloudtweaks.com/2016/07/new-cctv-nightmare-botnets-ddos-attacks/

Anonymous Takes Down Minnesota Courts Website for God Knows What Reason

An unknown party claiming to be part of the Anonymous hacker collective emailed the StarTribune on Wednesday morning, June 22, claiming responsibility for the ongoing DDoS attacks that downed the Minnesota Judicial Branch’s website for most of the business day.

The attacks started around 8:00 AM, and access to mncourts.gov was restored around 5:15 PM, in the afternoon. At the time of writing, the website is still not accessible from some parts of the world, meaning the IT staff is still limiting access based on an IP filtering system.

“Anonymous Legion” takes responsibility for the attacks

In the email sent to the local newspaper, the hacker(s), who used the Anonymous Legion monicker, said they also managed to penetrate the Minnesota courts’ servers, stole data, and urged the newspaper not to believe the authorities if they denied the incident.

The attackers did not provide any proof to support their data breach allegations. Officials also informed the FBI Cyber Task Force.

This is the second time in six months when this happens to the Minnesota courts system. Last December, DDoS attacks took the same website offline for ten days between December 21 and 31. Previously, the website was hit with another DDoS attack on December 8, 2015.

No clues as to why (or if) Anonymous DDoSed the website

To this day, nobody has discovered who and why attacked the Minnesota courts system. No other judicial branch from any other state has suffered similar attacks.

This Twitter discussion from two cyber-security experts also shows the general confusion as to why Anonymous would attack this target. One of Anonymous’ biggest Twitter accounts has failed to provide any answers as well.

Outside the email the StarTribune received, there was no chatter online about the ongoing DDoS attacks.

It is exactly for these reasons that one of Anonymous’ biggest factions has decided to create a political party in the US, called The Humanity Party (THumP), to serve as the group’s official voice and to discourage smaller factions from launching blind DDoS attacks without any good reason.

THumP says it aims to coordinate Anonymous efforts in order to trigger a change in local politics, but not by launching senseless DDoS attacks, from which it will try to distance itself.

Source:http://news.softpedia.com/news/anonymous-takes-down-minnesota-courts-website-for-god-knows-what-reason-505610.shtml

DISTRIBUTED DENIAL OF SERVICE ATTACKS ON THE RISE, ONLINE GAMING REMAINS TOP TARGET

The number of distributed denial of service (DDOS) attacks is on the rise and online gaming sites remain the number one target.

According to the latest State of the Internet Security report by Akamai Technologies, the number of DDOS attacks in the first quarter of 2016 was up 125% from Q1 2015 and up 22.5% from Q4 2015.

Online gaming sites – which includes not only gambling but also console gaming networks – were the targets in 55% of the Q1 DDOS attacks, about the same as in Q4. Software & technology sites ranked a distant second at 25%, while media & entertainment were third with just 5%.

On the plus side, the average duration of Q1’s DDOS attacks was 16.14 hours, down more than one-third from Q1 2015.

On the downside, Akamai says multi-vector attacks are becoming more popular, presenting greater challenges for sites’ security practitioners. Single-vector attacks have declined from 56% of the total in Q2 2015 to just 41% in Q1 2016.

Akamai counted a record 19 attacks in which the volume of data topped 100 gigabytes per second (Gbps), up from just five such mega-attacks in Q4. The previous record of 17 100-Gbps attacks was recorded in Q3 2014.

The gaming industry was targeted in three of these mega-attacks, all of which occurred the day before or the day of this year’s SuperBowl, strongly suggesting that the attackers weren’t targeting console gamers.

Akamai believes DDOS attackers are becoming more persistent in targeting specific sites. Targeted sites were hit with an average of 29 attacks in Q1, up from 15 in the same period last year. Akamai credited the rise to the ease with which attackers could now acquire DDOS attack platforms.

Akamai didn’t name names, but Q1’s most frequently targeted website was hit with 283 DDOS attacks, an average of three per day. This type of focus is typical of what Akamai called the latest DDOS trend, in which attackers “hammer away at high-value organizations, regardless of effect, looking for a moment when defenses might drop.”

DDOS attacks are also being used more and more as “a diversion technique to exhaust company resources while attacks are launched against the primary target.” Akamai suggests data exfiltration as the true motivation behind many repeated DDOS attacks.

Akamai believes a lot of DDOS attackers are now mimicking tactics pioneered by the infamous DD4BC group, which offered to forego large-scale DDOS attacks if the victims coughed up a certain number of Bitcoins.

China was the source of 27% of all DDOS attacks in Q1, followed by the United States at 17% and Turkey with 10%. Turkey has now made the top-10 for two straight quarters, which Akamai credited to Russian hackers migrating outside their home country.

Source: http://calvinayre.com/2016/06/23/business/ddos-attacks-rise-online-gaming-top-target/

Anonymous Suspected of Attacks on Central Banks in Indonesia and South Korea

Authorities in Indonesia and South Korea have told Reuters about recent DDOS attacks aimed at the websites of their central banks.

Both Bank Indonesia and Bank of Korea took action by blocking IPs from parts of the globe they don’t usually see login attempts from. A Bank Indonesia spokesperson told Reuters that their institution blocked access from 149 countries in particular.

DDoS attacks are carried out using botnets. Botnets are a collection of hacked computers that act in sync based on orders received from the hackers, who control them with the help of a master server, called a C&C (command and control) server.

Usually, the infected machines are spread all over the world, and that’s why blocking IPs from some parts of the world might stymy such attacks. This is usually considered an extreme measure.

DDoS attacks used to mask more serious intrusions

The banking industry is on pins and needless right now, as most organizations are afraid of cyber-attacks and hacks similar to the ones suffered by the central bank of Bangladesh.

Last February, hackers stole $81 million from Bangladesh’s central by hacking the SWIFT inter-bank transaction system.

DDoS attacks are regularly used to mask more serious intrusions, as they keep IT staff busy with repelling the attacks, while hackers use other methods of infiltrating their systems. None of the two banks reported other incidents.

No actual evidence that Anonymous was behind the attacks

Without knowing who exactly carried out the attacks, authorities are now putting the blame on Anonymous, who announced last May a series of attacks aimed at banks around the world.

OpIcarus, as their campaign was called, lasted only for the month of May, and the group shifted focus to stock markets in June, and that’s how OpMayhem started. Additionally, Ghost Squad Hackers, one of the most active Anonymous subdivisions, launched OpSilence, aimed at mainstream media.

Normally, such groups carry out the attacks and spend as much time bragging about what they did on Twitter. There was no chatter from known Anonymous hackers regarding DDoS attacks on the infrastructure of these two banks.

Source: http://news.softpedia.com/news/anonymous-suspected-for-attacks-on-central-banks-in-indonesia-and-south-korea-505490.shtml

FISHING FOR A CURE TO DDOS ATTACKS

An interesting New York Times article tells the story of how, against the backdrop of generally depressing conditions for the world’s fisheries, those in the United States have started to rebound owing to the combination of science-based guidelines and hard-won, public-private collaboration. The parlous condition of the world’s fisheries is a tragedy of the commons, because although fisheries are a critical source of protein for many populations, endemic overfishing means that 90% of the world’s fisheries are exploited in an unsustainable manner. The recent progress in the U.S. gives cause for hope. In 2014, the Marine Stewardship Council certified the West Coast U.S. fishery as sustainable and well-managed, 15 years after that entire fishery collapsed from overfishing.

DDoS: The Tragedy of the Internet Commons

There is no way you can equate the importance of the Internet to a vital source of daily nutrients for billions of people. Yet the Internet is no doubt a critical ingredient of modern society. And it’s far from being “overfished.” In fact, the Internet is exploding with promising new use cases.

Sadly, the Internet is also exploding with menace. Among other exploits, distributed denial of service (DDoS) is becoming ever more pervasive and dangerous. In the last couple of years, we’ve started to see DDoS attacks that hit a terabit per second or greater in volume. If that isn’t bad enough, attacks have the potential to swell by an order of magnitude thanks to the Internet of Things (IoT) bringing billions of new, poorly secured new devices online, ready to be exploited. Add this all up and we’re facing a future of multi-terabit DDoS attacks, big enough to bring even large Internet service provider (ISP) networks to a grinding halt.

Why is this a tragedy of the commons? One of the chief reasons why DDoS attacks are so common, pervasive and massive is because the Internet infrastructure industry allows Internet Protocol (IP) address forgery on a vast scale, enabling attackers to launch untraceable attacks with impunity from all over the globe. In essence, the Internet is full of poorly engineered networks in which botnets can thrive because those networks don’t implement well-known hygienic measures to check whether computers are sending traffic from IP addresses that have been assigned to them. In fact, up to 40% of the Internet today allows botnets to function unimpeded.

A Better Way Forward for the Internet

Trying to fix DDoS on the Internet can seem daunting, like dealing with all the fish in the seas. This where the progress made in restoring U.S. fisheries provides a hopeful angle. Using the right approach, based on science and sound management, you can really make a difference.

Back in 2000, the Internet Engineering Task Force (IETF)—the global standards body—introduced a Best Current Practice (BCP38) to address the IP-address spoofing problem. BCP38 directs Internet service providers to check incoming data traffic to ensure it’s coming from an IP address registered to the network that sent it.

To verify that IP addresses line up with their sending networks, major network-equipment manufacturers such as Cisco developed reverse-path-forwarding technologies for their routers. This approach is also known as network ingress filtering. A packet filter sits at the edge of a network to spot IP sources that have adopted an address belonging to some other network.

About 80% of large Internet backbone providers today have implemented ingress filtering. If other network operators of all sizes around the world followed suit, they would significantly reduce the impact of DDoS attacks.

When BCP38 made its debut, industry watchers suggested that the federal government should use its massive purchasing power to include ingress filtering as part of its contracting requirements. In this way, the industry could rely on market forces to improve network security, rather than imposing new regulations. But the powerful telecom lobby quickly pushed back, and Congress failed to pass federal contracting requirements.

Using known science like BCP38 is about will power and collaboration. It could take many years to get sound, scientific ground rules in place for the Internet. After all, the Internet isn’t collapsing—at least not yet—so there’s less motivation for the Internet’s commercial interests then there was for fishers who were going out of business. In the meantime, one viable idea is (at least in aggregate) to use market pressures to influence Internet service providers to halt the spread of phony IP addresses and botnet attacks.

Defend Yourself Locally, Contract With the Globe in Mind

There is no magical cure for DDoS attacks or cyber exploits. As long as humans have financial or other incentives, the attacks will continue. IT organizations must invest in an agile, multi-layered approach to defending themselves in the here and now. That effort should include perimeter-based detection systems that operate on a network-wide basis and offer flexibility to adjust alerts to changing conditions. Network organizations should also deploy deep network-traffic analytics that offer unconstrained ad hoc data exploration. Network and security experts can use that visibility to identify new attacks, prune false positive and negative alerts, and continuously improve detection and mitigation practices.

Companies and government agencies have another tool at their disposal. They can use their contracts for Internet services to make a safer Internet by requiring BCP38 compliance as part of all proposal requests. In this way, business leaders and public officials can do their part to prevent the Internet of Attacks and reduce future harm as the industry rolls out the next generation of Internet infrastructure.

Source: https://www.datacenterjournal.com/fishing-cure-ddos-attacks/

Muslim Brotherhood’s Website Suffers DDoS Attacks and Data Leak’

The official English language website of Muslim Brotherhood movement was forced to go offline after facing massive DDoS attacks!

Earlier today, a hacker going by the handle of SkyNetCentral conducted a series of distributed denial-of-service (DDoS) attack on the official website of Society of the Muslim Brothers or Muslim Brotherhood (Al-Ikhwan al-Muslimun in Arabic) forcing the website to go offline despite using CloudFlare DDoS protection service.

The hacker also conducted DDoS attacks on the official website of Freedom and Justice Party, which is an Egyptian political party affiliated with Muslim Brotherhood. That’s not all, the attacker also managed to bypass site’s security and steal Al-Ikhwan al-Muslimun’s files from the database, ending up leaking it online for public access.

Upon scanning the leaked data HackRead found it to be legit and never been leaked on the internet before. The data dump contains IP addresses, email conversation, comments and commenters’ names and IP addresses. It seems as if the hacker only managed to compromise some tables of the database without getting hold of any sensitive data. The only damage that can be caused is tracing the location of the commenters but that’s not a task just anyone can perform.

Here is a screenshot from the leaked data showing comments and IP addresses:

muslim-brotherhoods-official-website-hacked-database-leaked-online

At the moment, the motive behind these attacks is unclear however after going through attacker’s profile it’s evident that they have been targeting Muslim Brotherhood, Council on American-Islamic Relations – CAIR and other similar organizations.

Source: https://www.hackread.com/muslim-brotherhoods-website-suffers-ddos-attacks/

Organizations face an average of 15 DDos attacks a year

The average organization is hit by 15 distributed denial of service (DDoS) attacks per year, according to new research from IDG Connect and sponsored by A10 Networks, a provider of application networking and security technology.

“DDoS attacks are called ‘sudden death’ for good reason,” said Raj Jalan, CTO of A10 Networks. “If left unaddressed, the costs will include lost business, time-to-service restoration and a decline in customer satisfaction. The good news is our findings show that security teams are making DDoS prevention a top priority.”

The average attack causes 17 hours of effective downtime, including slowdowns, denied customer access or crashes, the report says.

As DDoS attacks become more popular, they are also growing harder to defend. While the average peak bandwidth of attacks was 30 to 40 gigabits per second (Gbps), 59 percent of the 120 organizations surveyed had experienced an attack in excess of 40 Gbps.

A majority of respondents (77 percent) also expect sophisticated multi-vector attacks to pose the most dangerous type of DDoS attack in the future.

More than half of the surveyed organizations said they planned to increase their DDoS prevention budgets in the next six months. IT security teams are the most likely to lead DDoS prevention efforts (36 percent), followed by CSOs (26 percent) and CIOs (26 percent).

Source: http://www.healthdatamanagement.com/news/organizations-face-an-average-of-15-ddos-attacks-a-year