Network Attacks Increase in Volume, Size, Sophistication
Malicious attacks carried out directly against networking infrastructure have taken off in nearly every sense over the last year, according to the latest report issued by researchers at backbone security specialist Arbor Networks.
The company, which markets threat monitoring technology and services to large network operators and infrastructure providers including ISPs, contends that attacks have increased in frequency, size and complexity since it issued its last paper on the topic one year ago.
According to Arbor's newest research, which is based on surveys conducted with more than 70 network ops worldwide, there was a "notable" leap in the sheer volume of infrastructure-oriented attacks, driven in part by the emergence of many smaller campaigns carried out against targeted assets.
The scope of threats observed by Arbor over the last 12 months also included a larger number of more complex schemes, including service-level and application-targeted attacks, DNS poisoning, and route hijacking assaults.
Such attacks are harder for network ops to thwart compared with larger, brute force campaigns and can cause far more serious disruptions, Arbor researchers said.
"Detection of application layer attacks is more difficult than with flood-based attacks," Danny McPherson, chief security officer for Arbor, noted in a report summary. "Providers need to have deep application insight into IP services and applications--such as DNS, HTTP, VoIP, IM and P2P--in order to identify and mitigate such attacks."
At the same time that smaller, more targeted attacks have proliferated, brute force threats have grown exponentially, the company reported.
For instance, distributed denial of service (DDoS) attacks maxed out at 40 gigabits over the last year, a 67 percent increase compared with the 24-gigabit threats being observed one year ago.
As a result, infrastructure providers are feeling the heat, Arbor's experts contend.
"The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and infrastructure investment," said McPherson. "And, while most ISPs now have the infrastructure to detect bandwidth flood attacks, we found that many still lack the ability to quickly mitigate these attacks; only a small percentage of the providers we surveyed said they have the capability to mitigate DDoS attacks in 10 minutes or less."
Among the many types of attacks being carried out recently, botnets remain the scourge of network ops, with assaults on VoIP and IPv6 infrastructure also on the rise.
Some 26 percent of the organizations surveyed cited zombie networks as their biggest problem, followed by DNS cache poisoning (23 percent) and BGP route hijacking (15 percent).
With the world economy in an uncertain state, many network operators may be forced to cut back on their operational budgeting, making the security issue an even greater threat to infrastructure in the next year, Arbor predicted.
To that end, over 50 percent of the providers surveyed by the company said they believe that serious security threats will increase in the next year as their security teams are constrained by fewer resources and an increased workload.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWEEK and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.