informa
2 MIN READ
Quick Hits

ISPs Facing More Service-Level Attacks

DDoS attacks hit 40Gbps, but it's the lower-profile attacks that most worry service providers, according to Arbor's new Wordwide Infrastructure Security Report
The biggest distributed denial-of-service attacks became more powerful in the past year, but it was the smaller, more targeted attacks that wreaked the most havoc on networks, according to Internet service providers surveyed by Arbor Networks.

Nearly 60 percent of ISPs worldwide say they experienced DDoS attacks larger than 1 gigabit-per-second (Gbps), and the biggest of these attacks hit a new high watermark during the past year, 40 Gbps, according to Arbor's new Wordwide Infrastructure Security Report.

Still, ISPs are less worried about DDoS attacks than they were a year ago, and meanwhile are experiencing more application-level attacks: More than half say they saw in an increase in service-level attacks aimed at exploiting vulnerabilities and computing resource limitations. Several experienced multihour outages as a result of an application-level attack.

"Sophisticated, service-level attacks...wouldn't show up as a multigigabit DDoS. But they are still enough to cause outages on large, distributed services," says Craig Labovitz, chief scientist for Arbor.

ISPs said the main threat vectors for attacks were still mainly external, brute force attacks (61 percent), with 12 percent coming from known vulnerabilities, 3 percent from social engineering, 3 percent from misconfiguration, and none from zero-day threats. Brute force attacks, such as DDoS, jumped 67 percent over the last year. The report covers the 12 months during August 2007 through July 2008.

More than 50 percent of ISPs see the scale and frequency of IPv6 attacks increasing. "They are asked to deploy V6, but they don't feel they can have security [with it]," Labovitz says. Today's IPS/IDS, firewall, and other tools don't have the proper visibility into IPv6 networks to secure them, he says.

And, not surprisingly, botnets are still a big problem for ISPs. Botnets are still doing the same old, same old: Thirty-six percent of ISPs say they had seen botnets spamming; 31 percent, DDoS'ing; 28 percent, phishing, drop sites and other nefarious activities; less than 5 percent, ID fraud; and less than 5 percent, click fraud.

More than 60 percent of ISPs say they should be responsible for detecting and monitoring botnets, while 23 percent said they should not; another 17 percent said yes, but with some stipulations. Nearly 70 percent say existing anti-botnet tools and methods were "insufficient."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message

Editors' Choice
Haris Pylarinos, Founder and CEO, Hack The Box
Robert Lemos, Contributing Writer, Dark Reading