Reveals New DDoS Threat Landscape, Attack Motives and First Ever IPv6 Attack
- ‘Hacktivism’ and Vandalism are the Most Readily-identified DDoS Attack Motivations
- Frequency, Complexity and Average Size of Attacks Continue to Grow
- First-ever IPv6 DDoS Attacks Are Reported
- Visibility and Security of Mobile/Fixed Wireless Networks Remain a Challenge
Burlington, MA, February 7, 2012 – In a significant finding with major implications for all Internet-connected organizations, the Arbor Networks 7th Annual Worldwide Infrastructure Security Report revealed that ideologically-motivated ‘hacktivism’ is the single most readily-identified motivation behind DDoS attacks. Previous data showed financial motivations to be among the top drivers behind attacks, either for competitive reasons or outright extortion. In today’s environment, any business can become a target of an attack, and given the plethora of readily available DDoS attack tools, anyone can launch an attack. This represents a sea-change in the threat landscape and in the risk assessment model for network operators and end-customers that rely on the Internet for their business.
Arbor’s longstanding relationships with service providers and network operators across the globe, and its reputation as a trusted advisor and solution partner, make this annual report possible. The report offers a rare view into the challenges of network operators on the front lines of a global battle against botnets and DDoS attacks. It is designed to provide data and insight that will enable network operators to make more informed decisions about their security strategies to ensure availability for mission-critical Internet and other IP-based infrastructure.
“In the past two years, the pace of innovation on the part of hackers has accelerated. They are utilizing new tools and techniques and presenting acute challenges for network operators,” said Jennifer Pigg, founder, Battle Green Research, a Yankee Group affiliate. “Arbor Networks’ annual security report provides valuable insight into the challenges facing operators on the front lines of the battle against cyberattacks.”
“What we saw in 2011 was the democratization of DDoS,” said Roland Dobbins, Arbor Networks Solutions Architect for Asia-Pacific, and the primary author of this year’s report. “Any enterprise operating online - which means just about any type and size of organization - can become a target, because of who they are, what they sell, who they partner with or for any other real or perceived affiliations. Furthermore, the explosion of inexpensive and readily-accessible attack tools is enabling anyone to carry out DDoS attacks. This has profound implications for the threat landscape, risk profile, network architecture and security deployments of Internet operators and Internet-connected enterprises.”
Large Volumetric DDoS Attacks Are the ‘New Normal’
During the survey period, respondents reported a significant increase in the prevalence of high-bandwidth DDoS attacks in the 10 Gbps range, indicating that network operators must be prepared to withstand and mitigate large bandwidth attacks on a routine basis.
- Twenty-five percent observed DDoS attacks that exceeded the total bandwidth into their data center.
The single largest reported DDoS attack during the survey period was 60 Gbps, down from 100 Gbps reported in 2010. However, network operators should not misconstrue this as a decrease in the severity of attacks. To the contrary, network operators should understand that an attack in the tens of gigabits per second is more than sufficient to down a business, and that this data underscores how extremely serious the threat of these larger attacks is to network infrastructure and ancillary support services such as DNS - not to mention end-customer properties.
- Thirteen percent reported attacks greater than 10 Gbps.
Increasing Sophistication and Complexity of Application-layer and Multi-vector DDoS Attacks
Respondents indicate that sophisticated application-layer DDoS attacks have become commonplace, and that complex multi-vector DDoS attacks with both high-bandwidth and application-layer attack components are rapidly gaining in popularity with attackers.
- Fifty percent reported application-layer attacks on their networks.
- Stateful Firewall/IPS continue to fall short in DDoS protection: More than 40 percent of respondents reported an inline firewall and/or IPS failing due to a DDoS attack.
First-Ever IPv6 DDoS Attacks 'in the Wild' Are Reported
For the first time, respondents to this year’s survey observed IPv6 DDoS attacks on their networks. This marks a significant milestone in the arms race between attackers and defenders, and confirms that network operators must have sufficient visibility and mitigation capabilities to protect IPv6-enabled properties. Of note, while this is the first instance of reported IPv6 DDoS attacks, IPv6 security incidents remain relatively rare. This is a clear indication that while IPv6 deployments continue to advance, IPv6 is not yet economically or culturally significant enough to warrant serious attention by the Internet criminal underground.
Trust Issues across Geographic Boundaries are Prevalent
Approximately 75 percent of respondents indicated that they keep close watch on the origin of traffic, noting that certain countries and regions represent an increased threat for DDoS attacks. Also notable is concern over the geographic origin of equipment they deploy in their networks.
Visibility and Security of Mobile/Fixed Wireless Networks Remain Challenges
Fifty percent of respondents reported not seeing any attacks targeting the mobile infrastructure. Conversely, more than 30 percent reported an average of 50 to 100 DDoS attacks per month. In addition, 44 percent don’t know if they have infected hosts on their network. These inconsistent findings are indicative of the general lack of necessary tools among mobile operators to effectively detect security threats.
Survey Scope and Demographics
- The data covers October 2010 through September 2011.
- Respondents represent 114 service providers throughout the world: 39 percent from the Americas, 41 percent from EMEA and 20 percent from Asia Pacific.
- Seventy-seven percent of respondents are network or security operations engineers, analysts or architects; the remainder are management or executives.
About Arbor Networks
Arbor Networks, Inc. is a leading provider of network security and management solutions for next-generation data centers and carrier networks, including the vast majority of the world's Internet service providers and many of the largest enterprise networks in use today. Arbor's proven network security and management solutions help grow and protect customer networks, businesses and brands. Through its unparalleled, privileged relationships with worldwide service providers and global network operators, Arbor provides unequalled insight into and perspective on Internet security and traffic trends via the ATLAS® Active Threat Level Analysis System. Representing a unique collaborative effort with 100+ network operators across the globe, ATLAS enables the sharing of real-time security, traffic and routing information that informs numerous business decisions.
For technical insight into the latest security threats and Internet traffic trends, please visit our website at www.arbornetworks.com and our blog at ddos.arbornetworks.com.