Nick Race, Arbor Networks’ country manager for Australia and New Zealand, said the company had seen 31,000 DDoS attacks against Australian systems in the first six months of 2014, with 91 per cent being of less than 30 minutes duration and less than 4 per cent greater than 24 hours.

Data from Arbor Networks - a company specialising in DDoS protection - suggests that most DDoS attacks have purposes other than simply blocking access, because they are quite short.

Rodrigues said the attacks were increasingly being used to distract IT security staff while the attacker pursued their real goal: system penetration. In one instance attackers had mounted a DDoS attack against a bank’s domain name server, blocking access to its site and diverting log in requests to a fake site in order to steal passwords.

“DDoS can be used for many purposes: protest, vandalism, bragging rights, extortion, industrial espionage and even as a prelude to war,” he said.

He added that even a short DDoS attack could impact systems long after it had ended. “An attack can cause catastrophic damage to the infrastructure which could take it off line for much longer while people reboot systems etc.”

According to Rodrigues, such has been the growth in attacks that large organisations that are particularly susceptible, such as banks, now have DDoS protection running 24 x 7. “It used to be the case as recently as two years ago that people would only turn on DDoS protection when they needed it, but today global banks and most global organisations will always have DDoS mitigation in place.”

While on-premises DDoS protection has limited capability to block an attack - which can overload inbound communications links - Race said it was essential. “You need DDoS defence on-premise that is always on and ready to mitigate at a moment’s notice and also have a mechanism of linking up to the ISP above you when the attack gets so big that the internet links to the enterprise gets saturated.”

However DDoS attacks are becoming more sophisticated and moving from simply being high volumes to targeting specific applications. BT says that multi-vector attacks have increased 41 percent in the past year, and Rodrigues said, these were much harder to defend against.

“Rather than trying to simply flood the target’s network an attack will send lots of, for example, log in requests that never finish so the server is just waiting for the other half of the log in to come. It never does and eventually the server cannot listen any more and nobody else can log in. These have become very effective at slicing through network-based defences.”