Arbor Networks Fourth Annual Worldwide Infrastructure Security Report
November 2008 by Arbor Networks
Malicious attacks on networks continued to grow at an alarming rate over the past year, according to a report issued today by Arbor Networks, a leading provider of secure service control solutions for global business networks. Arbor’s fourth annual Worldwide Infrastructure Security Report includes responses from nearly 70 IP network operators in North America, South America, Europe and Asia, and is designed to provide useful data to network operators so that they can make informed decisions about their use of network security technology to protect their mission-critical infrastructures.
Attacks Are on the Rise – and More Sophisticated
In addition to a notable increase in the number of attacks against network infrastructure, this year’s report also found that smaller and more sophisticated attacks – including service-level and application-targeted attacks, DNS poisoning, and route hijacking – are more difficult to manage than larger, brute force attacks and can cause a serious disruption in network service or enable further compromise.
“Detection of application layer attacks is more difficult than with flood based attacks,” commented Danny McPherson, chief security officer for Arbor Networks. “Providers need to have deep application insight into IP services and applications – such as DNS, HTTP, VoIP, IM and P2P – in order to identify, and mitigate such attacks. To do so effectively, ISPs today must have the ability to detect and surgically remove only the attack traffic while maintaining legitimate business traffic – thereby ensuring the highest level of customer satisfaction.”
“Miscreants continue to ramp up their sophistication to infiltrate and disrupt network resources,” said Michael Suby, Director of Stratecast (a Division of Frost & Sullivan). “This annual report from Arbor Networks is a valuable resource for the service provider community and confirms the evolving nature of threats and the challenges they present to service providers worldwide. This is not the time to be dormant in taking action to remediate.”
Brute Force Attacks Are Growing Exponentially
Attacks on a network to make it unavailable to its intended users – known as distributed denial of service (DDoS) attacks – were as large as 40 gigabits in the last year. The largest sustained attacks reported in the last two years were 24 gigabits per second (Gbps) and 17 Gbps, respectively, representing a 67% increase in attack scale over last year, an increase of nearly 2.5x of the largest attack reported in 2006, and a 100-fold increase since 2001. Furthermore, 36% of survey respondents last year reported observing sustained attacks larger than one Gbps. The number of respondents observing one gigabit per second or larger attacks nearly doubled this year.
“The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and infrastructure investment,” said McPherson. “And, while most ISPs now have the infrastructure to detect bandwidth flood attacks, we found that many still lack the ability to quickly mitigate these attacks; only a small percentage of the providers we surveyed said they have the capability to mitigate DDoS attacks in 10 minutes or less. What’s even more concerning is that even fewer providers have the infrastructure to defend against service-level attacks or this year’s reported peak of a 40 gigabit flooding attack. This is an area of weakness for operators that can be exploited quickly.”
Botnets Are Still a Concern; VoIP and IPv6 Are Emerging Threats
Although network infrastructure is under constant attack from a number of different vectors today, bots and botnets still rank highest as the largest problem facing network operators in the next 12 months. Botnets (26%) continue to be the primary vehicle for delivering the largest problems to network operations and security engineers, followed closely by DNS cache poisoning (23%) and BGP route hijacking (15%).
The survey also asked providers where new threats could emerge in the next year. 55% of respondents said the scale and frequency of security threats for IPv6 will increase as it becomes more widely deployed, while only 8% of respondents believe threats will decrease with improved IPv6 deployment. And although VoIP continues to be a rising attack vector for miscreants, providers are underprepared to protect their VoIP infrastructure from attack, the study found. Only 21% of respondents indicated that they had tools in place to detect threats against VoIP infrastructure or services.
“This year’s report underscores the twofold challenges faced by ISPs today,” said McPherson. “ISPs are currently waging a multi-faceted battle as they face increased cost and revenue pressure, along with multi-threaded attacks that are growing in size, frequency and sophistication. The good news is that through improved communications and information sharing in the operational security community – this report included – the service provider community will be better prepared for the fight against Internet threats today and in the future.”
Operational Resources Are Strained
In addition to attacks that are growing in size and sophistication, this year’s report identified that service providers are facing increasing cost and revenue pressure in a slowing global economy. As a result, operational network security resources have become strained, and many organisations are turning to Managed Security Services (MSS) – network security management from a network services provider.
“Many organisations generate most or all of their revenue from Web or other network service transactions, and their Internet ‘presence’ is critical to their fiscal well-being, “ said Rob Malan, co-founder and CTO of Arbor Networks. “As a result, many organisations now consider a subscription to MSS as an everyday cost of doing business on the Internet, and budget for these services just as they would disaster recovery, data backups, and traditional network redundancy.” Overall, more than half of the providers surveyed believe serious security threats will increase in the next year as their security teams are hampered by fewer resources and increased workload.