Home / Industry

Hope is Not a Strategy: Neustar Releases 2012 Annual DDoS Attack and Impact Survey

Neustar Second Annual DDoS 2012 Survey
Download full survey: PDF
Last year, Neustar reported on the DDoS landscape during 2011. This year, it surveyed IT pros on their experiences in 2012. Did the threat of DDoS grow or shrink? What were the costs of downtime? In total, were companies better prepared to protect their websites and their brands?

In comparing threats to readiness, the answers weren't encouraging:

  • DDoS attacks continue to grow in frequency and impact
  • While a handful of massive attacks dominated the headlines — especially in the banking industry, where many suspect the hand of unfriendly nation-states — most DDoS attacks are less than 100Mbps in size
  • As in 2011, over 1/3 of attacks lasted longer than 24 hours, extending downtime, customer complaints and mitigation costs
  • Connecting the dots: it doesn't take a mega-attack to cause lasting damage, merely well-planned strikes on poorly defended websites
  • While more companies are investing in some type of DDoS protection...
  • Most still rely on firewalls and other traditional solutions that get bottlenecked during attacks and accelerate outages

Most Frequent Ddos Victims – As in 2011, financial and ecommerce businesses were the most frequent DDoS victims. Last year, 32% of financial organizations reported being attacked. In 2012, the number increased to 44%. Starting in Q3 2012 and continuing to the present, banks in particular have suffered large, disruptive attacks, with specialized botnets such as "itsoknoproblembro" amplifying the destructive impact.
(Source: Neustar 2012 DDoS Survey)
The data reported here is from a wide-ranging survey, not from Neustar's network monitoring or DDoS mitigation efforts. The data reflects the realities faced by diverse IT professionals across numerous industries, among companies large and small. It shows the real challenge most companies face today: how to gauge the threat clearly and respond within their means.

Among the key findings from the survey, 35% of organizations experienced a disruptive DDoS attack in 2012. Of those surveyed, 39% of retailers and 41% of ecommerce businesses experienced an attack last year. Additionally, more than a quarter of respondents (26%) indicated a DDoS outage could cost between $50-100k per hour, further showcasing the need for a strategy around DDoS protection and mitigation.

Additional survey findings include:

  • Key sectors reported higher rates of attack: The number of retailers experiencing an attack increased by 144% from 2011 levels to reach an overall level of 39% in 2012; financial organizations experienced a 38% increase in attacks year-to-year with 44% of financial organizations being victimized in 2012.
  • Though more companies are deploying DDoS protection — only 8% had no protections in place compared to 25% in 2011 — few have invested in purpose-built hardware or third-party expertise.
  • The latter is alarming; while 66% of companies use firewalls, routers and switches for DDoS protection, these networking products create bottlenecks that actually aid attackers.

How long did DDos attacks last?

2012 Annual DDoS Attacks & Impact Infographic – To see how DDoS attacks affected businesses in 2012, Neustar surveyed over 700 IT pros. Comparing 2012 results with out 2011 survey, it's clear that many people are still hoping and wishing and praying they can solve a complex problem with old-school solutions. (Click to Enlarge Image)Tracking with last year’s results, survey found over a third of all DDoS attacks lasted more than 24 hours: 37% in 2012 versus 35% in 2011. Some attacks stretched out for several days or even longer — with 20% of attacks lasting between 3 days and 7+ days. The longest attacks, those lasting over a week, increased from 10% in 2011 to 13% in 2012.

According to Christian A. Christiansen, Chris Liebert and Charles J. Kolodgy of IDC Research, in a February 2013 report, entitled The Business Value of Hybrid Cloud-based Compromise Intelligence Monitoring and Threat Mitigation, "Given the complex nature of today's threats, enterprises can achieve a strategic advantage by employing a new layer of security that is services based. Cloud-based services are an important aspect of this approach to security and provide always-on monitoring without the added expense of buying and maintaining on-premise equipment."

Download a copy of the full survey here.

About Neustar siteProtect
Learn How Neustar Technology Can Block DDoS AttacksNeustar SiteProtect offers intelligent DDoS protection, blending the people, processes and technologies to stop today's complex attacks. Using battle-tested procedures and best-of-breed equipment, the experts in the Neustar Security Operations Center work swiftly to eliminate downtime and protect your brand.

Based in the cloud, SiteProtect offers 24/7 on-demand traffic scrubbing. Immediately accessible through DNS or BGP redirection, it provides instant relief from DDoS attacks involving network Layer 3, application Layer 7, IPv6 and/or encrypted traffic — or any combination of these takedown methods. SiteProtect reroutes traffic to unclog your network, filters malicious traffic and permits valid traffic to return to your infrastructure.

Built on a dedicated, globally distributed Anycast network, SiteProtect can be instantly deployed and remains activated until the danger is gone. With SiteProtect handling the DDoS, your responses remain nimble and in sync with customer requests. Online business continues even as the attack unfolds.

For larger organizations, SiteProtect is an ideal complement to in-house mitigation hardware. As a cloud-based failover solution, SiteProtect provides the bandwidth to absorb malicious traffic and enables you to launch countermeasures in real time. Using a hybrid approach, you can leverage your investments in DDoS detection and alerting, avoid outages and minimize disruptions.


About Neustar – Every day, the world generates roughly 2.5 quadrillion bits of data. Neustar isolates certain elements and analyzes, simplifies and edits them to make precise and valuable decisions that drive results. Learn More

Related topics: Cyberattack, Cybersecurity, DDoS


Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Related Blogs

Related News

Explore Topics

Dig Deeper


Sponsored by Verisign

Mobile Internet

Sponsored by Afilias Mobile & Web Services

IP Addressing

Sponsored by Avenue4 LLC

DNS Security

Sponsored by Afilias

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum