informa
Quick Hits

Service Providers In The DDoS, APT Bull's Eye

Combination network and application-level DDoS attacks on the rise against service providers, Arbor Networks report says
Nearly half of service providers this year were hit with multi-layered DDoS attacks that use both network traffic-overload and application-layer tactics, up from around 27 percent last year, according to the newly published Arbor Networks Annual Worldwide Infrastructure Security Report report.

One-fifth also have discovered bot infections within their own enterprise networks, raising concerns about cyberespionage campaigns targeting them. Among the other big threats they experienced this year were bots in their service provider networks (36 percent); APTs in their networks (15 percent); malicious insiders (11 percent); industrial espionage or data exfiltration (2 percent).

But distributed denial-of-service attacks remain the biggest problem for service providers: 76 percent say their customers were hit with DDoS attacks; 54 percent experienced DDoS attacks on services such as DNS and email; 52 percent suffered DDoS attacks on their network infrastructure; and 43 percent experienced outages due to DDoS attacks. And more than 60 percent suffered outages due to misconfigurations or other mishaps.

"There's a lot more focus on the application level [in DDoS attacks], so the attackers know more about your infrastructure, more about your core business, what your development looks like," says Dan Holden, director of the Arbor Security Engineering & Response Team (ASERT).

Multi-vector DDoS attacks have more longevity, and are the toughest DDoS attacks to defend against, according to Arbor. The wave of attacks on financial services organizations in the fourth quarter of 2012 were a good example of these types of attacks, Holden says.

Some 86 percent of service providers say DDoS attacks have gone after their HTTP Web services; 70 percent against their DNS services; and 37 percent against HTTPS services, which jumped from 24 percent in 2011."This may indicate that encrypted services, such as those used to check out of e-commerce sites and by financial service portals, are being targeted by application-layer attacks," the report says.

Nearly 95 percent of service providers are seeing their data centers targeted on a regular basis by DDoS attacks, and more than one-third say DDoS attacks have caused their firewalls to fail.

Arbor's Holden says what most surprised him was the large percentage of mobile service providers who have no visibility into their traffic: 60 percent. "There's a really big gap in visibility ... that's huge," he says. "The question is when half of the providers don't' have good visibility, what happens when their own network turns against them? That's a pretty scary proposition."

Close to 30 percent say their mobile users have been targeted in a DDoS attack, with one- to ten events per month. One-fourth say they don't know one way or the other due to a lack of visibility into that traffic.

Meanwhile, the largest reported DDoS attack last year was an average of 60Gbps, with some attacks hitting as high as 100Gbps. But overall, these attacks appear to have remained no higher than 100Gbps in the past three years, according to Arbor.

The full report is available here for download.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Recommended Reading: