Short, Low-Volume DDoS Attacks: The New Dominant Threat

Stephanie Weagle, VP, Corero Network Security

Service providers, hosting providers, and digital enterprises are under constant threat from DDoS attacks. While headline‑grabbing volumetric assaults dominate headlines, a subtler menace is emerging: low‑volume, short‑duration attacks that quietly undermine network defenses.

These sub‑saturating attacks typically deliver under 10 Gbps and last fewer than 10 minutes. They are designed to knock firewalls or intrusion‑prevention systems (IPS) offline, creating a window for attackers to map, infiltrate, and deploy malware or exfiltrate data. Corero terms this approach “Trojan Horse” DDoS.

What’s Changed?

Historically, DDoS incidents were large, single‑pulse attacks intended primarily for disruption. Recent trends, however, show a shift toward shorter, less voluminous assaults. Our latest DDoS Trends and Analysis Report reveals that 98 % of attacks against Corero customers in Q1 2017 were under 10 Gbps and lasted 10 minutes or less.

These seemingly modest bursts can still inflict significant damage. Attackers use them to probe for vulnerabilities and validate new tactics while remaining undetected. Cloud‑based scrubbing services often miss attacks lasting under 10 minutes, allowing the damage to occur before mitigation is triggered.

Consequently, the wave of sub‑saturating attacks observed earlier this year may represent a testing phase, with hackers refining techniques before unleashing larger, more destructive campaigns.

The Role of ISPs

For years, ISPs shielded only their own infrastructure. The evolving threat landscape demands a new strategy: real‑time DDoS mitigation built on comprehensive network visibility and instant response. By adopting modern deployment models, ISPs can defend their networks and transform DDoS protection into a value‑added, managed service for their customers.

Expanding to a distributed architecture allows providers to offer tailored security services, creating new revenue opportunities while reinforcing customer loyalty.

Conclusion

Short‑duration, low‑volume DDoS attacks should not be underestimated. They can trigger outages, mask more serious intrusions, and facilitate data theft or ransomware deployment. ISPs and carriers must deploy mitigation that activates instantly and automatically. Delays of even minutes can translate into costly breaches.

Author: Stephanie Weagle, VP, Corero Network Security