The Arbor Networks® 7th Annual Worldwide Infrastructure Security Report
February 2012 by Arbor Networks
In a significant finding with major implications for all Internet-connected organizations, the Arbor Networks 7th Annual Worldwide Infrastructure Security Report revealed that ideologically-motivated ‘hacktivism’ is the single most readily-identified motivation behind DDoS attacks. Previous data showed the top factors to be financially-driven, either for competitive reasons or outright extortion. In today’s environment, any business can become a target of an attack, and given the plethora of readily available DDoS attack tools, anyone can launch an attack. This represents a sea-change in the threat landscape and in the risk assessment model for network operators and end-customers that rely on the Internet for their business.
Arbor’s longstanding relationships with service providers and network operators across the globe, and its reputation as a trusted advisor and solution partner, make this annual report possible. The report offers a rare view into the challenges of network operators on the front lines of a global battle against botnets and DDoS attacks. It is designed to provide data and insight that will enable network operators to make more informed decisions about their security strategies to ensure availability for mission-critical Internet and other IP-based infrastructure.
“In the past two years, the pace of innovation on the part of hackers has accelerated. They are utilizing new tools and techniques and presenting acute challenges for network operators,” said Jennifer Pigg, founder, Battle Green Research, a Yankee Group affiliate. “Arbor Networks’ annual security report provides valuable insight into the challenges facing operators on the front lines of the battle against cyberattacks.”
“What we saw in 2011 was the democratization of DDoS,” said Roland Dobbins, Arbor Networks Solutions Architect for Asia-Pacific, and the primary author of this year’s report. “Any enterprise operating online - which means just about any type and size of organization - can become a target, because of who they are, what they sell, who they partner with, or for any other real or perceived affiliations. Furthermore, the explosion of inexpensive and readily-accessible attack tools is enabling anyone to carry out DDoS attacks. This has profound implications for the threat landscape, risk profile, network architecture and security deployments of Internet operators and Internet-connected enterprises.”
Large Volumetric DDoS Attacks Are the ‘New Normal’
During the survey period, respondents reported a significant increase in the prevalence of high-bandwidth DDoS attacks in the 10 Gbps range, indicating that network operators must be prepared to withstand and mitigate large bandwidth attacks on a routine basis.
• Twenty-five percent observed DDoS attacks that exceeded the total bandwidth into their data center.
The single largest reported DDoS attack during the survey period was 63.5 Gbps, down from 100 Gbps reported in the 2010 report. However, network operators should not misconstrue this as a decrease in the severity of attacks. To the contrary, an attack in the tens of gigabits per second is more than sufficient to take down a business, and this data underscores how serious a threat these larger attacks are to network infrastructure and ancillary support services such as DNS, not to mention end-customer properties.
• Thirteen percent reported attacks greater than 10 Gbps.
Increasing Sophistication and Complexity of Application-layer and Multi-vector DDoS Attacks
Respondents indicate that sophisticated application-layer DDoS attacks have become commonplace, and that complex multi-vector DDoS attacks with both high-bandwidth and application-layer attack components are rapidly gaining in popularity with attackers.
• Fifty percent reported application-layer attacks on their networks.
• Stateful Firewall/IPS continue to fall short in DDoS protection: Over 40 percent of respondents reported an inline firewall and/or IPS failing due to a DDoS attack.
First-Ever IPv6 DDoS Attacks ‘in the Wild’ Are Reported
For the first time, respondents to this year’s survey observed IPv6 DDoS attacks on their networks. This marks a significant milestone in the arms race between attackers and defenders, and confirms that network operators must have sufficient visibility and mitigation capabilities to protect IPv6-enabled properties. Of note, while this is the first instance of reported IPv6 DDoS attacks, IPv6 security incidents remain relatively rare. This is a clear indication that while IPv6 deployments continue to advance, IPv6 is not yet economically or culturally significant enough to warrant serious attention by the Internet criminal underground.
Trust Issues across Geographic Boundaries are Prevalent
Approximately 75 percent of respondents indicated that they keep close watch on the origin of traffic, noting that certain countries and regions represent an increased threat for DDoS attacks. Also notable is concern over the geographic origin of the equipment they deploy in their networks.
Visibility and Security of Mobile/Fixed Wireless Networks Remains a Challenge
Fifty percent of respondents reported not seeing any attacks targeting the mobile infrastructure. Conversely, more than 30 percent reported an average of 50 to 100 DDoS attacks per month. In addition, 44 percent don’t know if they have infected hosts on their network. These inconsistent findings are indicative of the general lack of necessary tools among mobile operators to effectively detect security threats.
Survey Scope and Demographics
• The data covers October, 2010 through November, 2011.
• Respondents represent 114 service providers throughout the world; 39 percent from Americas; 41 percent from EMEA and 20 percent from Asia Pacific.
• Seventy-seven percent of respondents are network or security operations engineers, analysts or architects; the remainder are management or executives.