Welcome to another installment of “Bad Security PR Watch,” where I publicly shame PR folks who use FUD to sell me on a story idea. OK, it’s not exactly a public shaming. I keep names out. I just don’t have it in me to be that cold-blooded. This one is about the “growing” threat of DDoS attacks. DDoS attacks with a 3,000-percent increase in packet volume quarter over quarter. That’s not a typo. They say it’s a 3,000-percent increase. Here’s the raw pitch I got: Media Advisory: April 10, 2012 (Vendor X) to announce financial services firms hit by DDoS attacks in Q1 2012 – Packet volume up 3,000% –Threefold increase in the number of attacks against financial services clients during Q1 2012 compared to Q4 2011 –3,000-percent increase in malicious packet traffic quarter over quarter –(Vendor X) mitigated more attack traffic this quarter than it did in all of 2011 –China remains the top source country for attacks but the U.S. and Russia both move up in the rankings –Data from the Q1 2012 report indicates attackers are evolving their strategies, increasing their firepower and focusing on specific targets. Insights in the report help organizations worldwide be more prepared against the increasing threat of damaging DDoS attacks. Maybe it’s a bit harsh of me to be picking on this release. They don’t say anything that strikes me as blatently wrong, though I find a 3,000-percent hike in packet volume hard to believe. I could believe 50 percent, 200 percent or even 900 percent. But 3,000 seems to break the pane of reality. The rest is believable. My problem is that everything is so painfully obvious. The vendor “mitigated” more attack traffic this quarter than in all of 2011? Every vendor says that. Every quarter. China is a top instigator? That news is as old as the Great Wall of China. Attackers are evolving their strategies and focusing on specific targets? That’s old news, Most companies knew that a long time ago. That’s why they hired you. DDoSes happen every minute of every day. That’s how it’s been for years. In your next pitch, tell me something new — as in something completely different from the routine. More importantly, if you’ve found some new method companies can employ to blunt the impact of these attacks, please share. Thanks. Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe