The number of distributed denial-of-service attacks experienced by enterprises has doubled since the start of the year, according to a newly published report.

Corero Network Security Ltd. said organizations using their services experienced an average of 237 DDoS attack attempts per month during the third quarter, or the equivalent of eight DDoS attack attempts a day. That’s a 35 percent jump over the second quarter and double the average of four dailt DDoS attack attempts at the beginning of 2017. DDoS attackers try to make an online service unavailable by overwhelming it with traffic from many sources.

Notable in the numbers was an increase in what the report describes as sophisticated multivector attacks, which employ several techniques in the hope that one, or the combination of a few, can penetrate the target a network’s security defenses.

There was also a return of Ransom Denial of Service attacks. RDoS is an old-school form of attack that involves hackers threatening to launch a DDoS attack if a payment, usually in bitcoin, isn’t made.

In the past, many companies have simply paid the ransom, but the tide shifted against the method in January 2016 when bitcoin exchange BTCC Technology Ltd. fought back against the extortion method and won. The return of RDoS is attributed to a hacker group called “Phantom Squad” that started an extortion campaign in September targeting banking and financial institutions, hosting providers, online gaming services and software-as-a-service companies in the U.S., Europe and Asia.

The report attributes the surge in overall DDoS attacks to the rise of DDoS-for-hire services and the proliferation of unsecured “internet of things” devices. “The growing availability of DDoS-for-hire services is causing an explosion of attacks, and puts anyone and everyone into the crosshairs,” Corero Chief Executive Officer Ashley Stephenson said in a statement. “These services have lowered the barriers to entry in terms of both technical competence and price, allowing anyone to systematically attack and attempt to take down a company for less than $100.”

There’s also an arms race to infect vulnerable devices, effectively thwarting other attackers from commandeering the device, Stephenson added. “Cybercriminals try to harness more and more internet-connected devices to build ever larger botnets,” she said. “The potential scale and power of IoT botnets has the ability to create internet chaos and dire results for target victims.”

Image: Sagor Kumar sr/Wikimedia Commons