Arbor Networks 10th Annual Worldwide Infrastructure Security Report Finds 50X Increase in DDoS Attack Size in Past Decade
January 2015 by Arbor Networks
Arbor Networks, Inc. released its 10th Annual Worldwide Infrastructure Security Report (WISR) offering a rare view into the most critical security challenges facing today’s network operators. Now in its tenth year, the WISR survey includes detailed information on the threats and concerns of both service providers and enterprises. This annual report is intended to highlight the key trends in the threats and concerns facing organisations, and the strategies they adopt to address and mitigate them.
The threat landscape then and now:
· Mostly a nuisance and nothing more than an independent event a decade ago, distributed denial-of-service (DDoS) is now a very serious threat to business continuity and the bottom line. DDoS attacks are now components of complex, often long-standing advanced threat campaigns. The largest DDoS attack reported in 2014 was 400Gbps; ten years ago the largest reported attack was a mere 8Gbps.
· Application-layer attacks were experienced by 90 percent of respondents in 2014. Ten years ago, 90 percent of respondents cited simple “brute force” flood attacks as the most common attack vector.
· The human element continues to be a factor in defensive capabilities – not just today, but throughout the last ten years of WISR reporting. Just in the past year alone, 59 percent of respondents reported difficulty hiring and retaining skilled personnel within their security organisations.
Arbor’s long-standing customer relationships and reputation as a trusted advisor and solution provider make this report possible each year.
“Arbor has been conducting the Worldwide Infrastructure Security Report survey for the last 10 years and we have had the privilege of tracking the evolution of the Internet and its uses from the early adoption of online content to today’s hyper-connected society,” said Arbor Networks Director of Solutions Architects Darren Anstee. “In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and, data breaches were most likely carried out by employees who had direct access to data files. Today, organisations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend. The business impact of a successful attack or breach can be devastating – the stakes are much higher now.”
2015 WISR KEY FINDINGS:
Attacks are Growing in Size, Complexity and Frequency
· Use of reflection/amplification to launch massive attacks: The largest reported attack in 2014 was 400Gbps, with other large reported events at 300, 200 and 170Gbps, and a further six respondents reporting events over the 100Gbps threshold. Ten years ago, the largest attack was 8Gbps.
· Multi-vector and application-layer DDoS attacks are becoming ubiquitous: 90 percent of respondents reported application-layer attacks and 42 percent experienced multi-vector attacks that combine volumetric, application-layer and state exhaustion techniques within a single sustained attack.
· DDoS attack frequency is on the rise: In 2013, just over one quarter of respondents indicated they had seen more than 21 attacks per month; in 2014, that percentage has doubled to 42 percent.
Enterprises Are Under Assault
· DDoS and advanced threats are increasingly common: Nearly half of respondents saw DDoS attacks during the survey period, with almost 40 percent of those seeing their Internet connectivity saturated.
· Firewalls and IPS devices continue to be targets for attackers: Over one third of organisations had Firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.
· Cloud services are a bull’s-eye for attackers: Over one quarter of respondents indicated that they had seen attacks targeting cloud services.
· Security incidents are up but enterprises are not fully prepared to respond: Just over one third of respondents indicated an increase in security incidents this year, with about half indicating similar levels to last year. Just under half of respondents felt reasonably or well prepared for a security incident, with 15 percent indicating that they have no plans or resources in place.
Data Centers are a High-Volume, High-Impact Target
· Over one third of data center operators saw DDoS attacks which exhausted their Internet bandwidth. This underscores just how critical an issue this continues to be for data center operators: downtime means not just lost business for the data center operator, but also collateral damage extended to their customers operating business-critical infrastructure in the cloud.
· Operational expense is the top cost attributed by data center operators to DDoS events. This shows the increasingly high costs of defending against growing attacks and the priority data center operators place on DDoS mitigation.
· Revenue loss due to DDoS is up sharply: 44 percent of data center respondents experienced revenue losses due to DDoS.
· Just under half of respondents indicated they had their firewalls experience or contribute towards an outage due to DDoS. This is up from 42 percent last year. Load balancers also saw issues, with over one third of respondents seeing these fail due to DDoS in the last year.
Survey Scope & Demographics
287 responses, up from 220 last year, from a mix of Tier 1 and Tier 2/3 service providers, hosting, mobile, enterprise and other types of network operators from around the world. Looking back to ten years ago, the WISR had 36 respondents – so the data presented in the WISR is now significantly more representative across a broader range of geographies and network operator types. More than 60 percent of respondents this year are service providers with around 30 percent of respondents from enterprise, education or government organisations, providing a global view into the traffic and threats targeting their networks, services and customers. Data covers November, 2013 through October, 2014.