DDoS (Distributed Denial of Service) attacks remain one of the most frequent and sophisticated threats in cybersecurity. According to the Global DDoS Landscape report from NSFOCUS, both the frequency and the complexity of attacks have increased significantly since last year.
The report draws on an in-depth study of the cybersecurity market, based on global traffic trends and the company’s customer base, and highlights three key points:
Growth of ultra-short and massive attacks
The so-called burst attacks, which last less than 5 minutes, grew by 36.5%. Despite being brief, they generated extremely high traffic peaks, making detection difficult and requiring real-time automated responses.
Multiplication of attack vectors
Multi-vector attacks, which combine different techniques such as UDP floods, TCP attacks, and Layer 7 (application-layer) attacks, accounted for over 55% of cases. This demonstrates a clear intention to overload different points of the network and application infrastructure simultaneously.
Growth of attacks against applications and APIs
The application layer and application programming interfaces (APIs) have become preferred targets. This is due to their criticality in digital services and the difficulty in distinguishing legitimate from malicious traffic at this level. In many cases, advanced bots simulate human behavior to evade traditional mitigation mechanisms.
Right now, the main challenge for cybersecurity teams is adapting outdated models that no longer work. According to Raphael Tedesco, business director at NSFOCUS, most organizations still rely on piecemeal solutions, such as traditional firewalls or load balancers, which are ineffective against distributed, multi-vector, and application-layer attacks. “In addition, exclusive reliance on on-premises solutions limits the response capacity against large-scale attacks,” he emphasizes.
Another critical point is the false sense of security. Companies that have not experienced recent incidents tend to underestimate the sophistication of attackers and the speed at which new criminal tools are made available as services, as in the DDoS-as-a-Service model.
Faced with this scenario, it is essential for companies to have a proactive, distributed, and intelligent approach to DDoS defense. Some recommendations include:
- Hybrid mitigation (cloud + on-premises): Services that combine cloud protection with on-premises applications allow for scaling the response according to the type and volume of the attack.
- Intelligent traffic inspection: Solutions with behavioral analysis and AI help identify anomalous patterns and distinguish bots from legitimate users.
- Specific protection for applications and APIs: Web Application Firewalls (WAFs), API gateways, and L7 protection services should be integrated into the defense plan.
- Simulations and regular tests: Controlled resistance tests are essential to evaluate the effectiveness of existing defenses and prepare the incident response team.
- Continuous monitoring and automated response: Real-time visibility and automated decision-making are essential to contain short and intense attacks.
DDoS attacks have evolved from being just a destabilization tactic to becoming a strategic weapon – used by hacktivist groups, financial criminals, and in coordinated cyber warfare campaigns. “Therefore, companies that do not evolve their defenses will remain vulnerable to attacks that, even if they last only a few minutes, can generate immense financial and reputational losses,” Tedesco concludes.