AI is the latest weapon for DDoS attacks

  • AI allows hackers to create a higher volume of DDoS attacks with a lower barrier to entry, according to Zayo
  • It's hard to say whether the increased frequency and duration of attacks is due to AI getting better or if attackers are just smarter about using it
  • Telcos unsurprisingly bore the brunt of DDoS attacks in the first half of 2024

Artificial intelligence (AI) waging war on networks sounds like something out of “The Matrix,” but it’s the latest tool employed for distributed denial of service (DDoS) attacks, according to a new Zayo report.

Bot-based attacks have made it easier for hackers to strike more often, partly because AI enables bad actors to create “relatively simple” DDoS attacks, said Max Clauson, SVP of network connectivity at Zayo.

“Just higher volume, lower barrier to entry,” he said. “That in theory should make it easier for a greater set of would-be attackers to launch these types of attacks, even if those attacks are not particularly sophisticated.”

The report didn’t provide metrics on how exactly hackers might use AI, but Clauson noted it is “definitely an emerging trend” that Zayo expects to see more of in the future.

“The other piece that’s happening is leveraging AI for greater sophistication,” he added. “You see greater sophistication being built into DDoS attacks that is seeking to circumvent DDoS protection.”

If the potential downtime from a DDoS attack doesn’t sound bad enough, Zayo found the average cost of an attack in the first half of 2024 was $6,000 per minute, while the average attack lasted 45 minutes.

All told, a single DDoS attack could cost an enterprise around $270,000.

“On the attacker side, there is a hypothesis that AI and GenAI can be used to develop and orchestrate more intelligent DDoS or other attacks,” AvidThink’s Roy Chua told Fierce. 

“And that AI techniques can help attacks better mimic real-world traffic, making it harder to pattern match on the defensive side,” he added.

Hackers can also deploy AI to help automatically find new vulnerabilities in systems, networks and software. But for DDoS attacks specifically, it’s tricky to say whether the increased frequency and duration “are due to improvements in AI,” Chua said, “or whether the attackers are smarter about leveraging automation and creating commercialization of DDoS as a service.”

In any case, the use of AI for “malicious activities in networking” shouldn’t discourage enterprises from adopting AI in their networks.

“If anything, use of AI for automation, for threat detection, and better visibility and insights into networking should increase to counter the increasing threats,” said Chua. “Regardless of what these threats are and how much of them are AI-powered.”

Telecom in the line of fire

The telecom industry bore the brunt of DDoS attacks in the first half of 2024, according to Zayo, accounting for 57% of all attacks.

 

Not a huge surprise, as the impact from targeting communications networks “is larger and more disruptive than what you see by targeting specific enterprises,” Clauson said.

Telcos can not only be the target of a DDoS attack, but their networks are also “the highways that carry the source of DDoS attacks and serve as the path to the targets,” noted Chua.

“Telecom companies are usually the last mile provider to compromised devices in residential or business [networks] that have been taken over and now form part of botnets,” he said.

Manufacturing is another industry hit hard by DDoS attacks, as Zayo noted those companies saw a 200% increase in DDoS attack size from 2023 to 2024.

Interestingly, the cloud/software-as-a-service industry saw a 62% year-over-year decrease in total number of attacks. The segment made up just 5% of all DDoS activity in the first half of 2024.