As more groups get into the denial-of-service attack business they're starting to get in each other's way Credit: Thinkstock As more groups get into the denial-of-service attack business they’re starting to get in each other’s way, according to a report released this morning.That translates into a smaller average attack size, said Martin McKeay, senior security advocate at Cambridge, Mass.-based Akamai Technologies Inc.There are only so many devices around that have the kind of vulnerabilities that make them potential targets for a botnet.“And other people can come in and take over the device, and take those resources to feed their own botnet,” he said. “I’m seeing that over and over.” He said that Akamai is seeing evidence of the contention in the threat intelligence it gathers, as well as in the size of the attacks.The median attack size has been decreasing over the last year and a half, he said. At the start of 2015, the median DDoS attack size was 4 gigabits per second, and it went down to just over 500 megabits per second during the first quarter of this year.The number of very large attacks has also gone down over the past year, from 19 attacks greater than 100 gigabits per second over the course of the first quarter of 2016, to just two attacks of that size during the first quarter of this year.That could be due to the fact that several large DDoS crews were arrested at the end of last year.“Because of the high publicity of some of these attacks, we have Interpol and U.S. government agencies going after the owners and authors of those botnets,” McKeay said. “Those people are getting jailed, and that portion of the attack traffic goes away.”But that doesn’t mean that companies can get complacent about their defenses, since other groups may step in to take their place.“DDoS in general is a cyclic phenomenon,” he said. “About three years ago, it really took off and we saw a big increase. It’s been trending down for about a year but we suspect that that’s just a temporary change, and it’s going to start back up again.” Meanwhile, even smaller-sized attacks can still do a great deal of damage. According to the Akamai report, many businesses lease Internet uplinks of between 1 and 10 gigabits per second, so any attack bigger than 10 gigabits per second could take an unprotected business offline.And the capabilities of attackers keep expanding, he added.“Within two to three years, we might see a five to ten terabit attack,” he said.With more criminal groups competing for access to vulnerable devices for their botnets, does that mean that we might see less ransomware such as the WannaCry attack? No such luck.“It’s a different group of resources that are being used,” said McKeay. “When we’re talking about the ransomware like that which we’ve been seeing since Friday, that’s a completely different breed than DDoS.”No need to fight over comments, send them to our Facebook page. Related content news analysis DHS unveils one common platform for reporting cyber incidents Ahead of CISA cyber incident reporting regulations, DHS issued a report on harmonizing 52 cyber incident reporting requirements, presenting a model common reporting platform that could encompass them all. By Cynthia Brumfield Sep 25, 2023 10 mins Regulation Regulation Regulation news Chinese state actors behind espionage attacks on Southeast Asian government The distinct groups of activities formed three different clusters, each attributed to a specific APT group. By Shweta Sharma Sep 25, 2023 4 mins Advanced Persistent Threats Cyberattacks feature How to pick the best endpoint detection and response solution EDR software has emerged as one of the preeminent tools in the CISO’s arsenal. Here’s what to look for and what to avoid when choosing EDR software. By Linda Rosencrance Sep 25, 2023 10 mins Intrusion Detection Software Security Monitoring Software Data and Information Security feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Data and Information Security IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe