10 Feb 2016

Distributed Denial of Service (DDoS) Attacks – on the rise and impacting more than ever before.

As more companies choose hybrid operating models where they run part of their infrastructure on-premises and other parts in the cloud, security is becoming an even more crucial discussion.

Arbor Networks’ Worldwide Infrastructure Security Report is an annual must-read on the kind of threats faced by those who run infrastructure – and that will therefore be felt by those who use it.

Here are the top 8 things you need to know:


  1. Bandwidth saturation up

Service providers are more concerned about how their infrastructure will hold up in a bandwidth saturation event. While a distributed denial of service (DDoS) attack could be the cause, it could just as likely be the result of high rates of “streaming, over-the-top services, unique events and flash crowds”. In any event, one in four service providers is worried about the threat, and the proportion is growing.


  1. Misconfiguration outages down

The percentage of service providers that experienced infrastructure outages due to equipment failures or misconfiguration continues to fall, dropping from 60 percent to 49 percent in the past several years. Arbor believes “the continued focus on preventable failures and outages” is behind the reduction in this type of threat.


  1. Big DDoS is getting bigger

The top tier of DDoS attacks continues to push size boundaries. The largest reported attack this year was 500 Gbps; Arbor said it’s possible that there were even larger attacks on organisations that didn’t participate in the company’s Atlas threat analysis network.

The size of attacks and the number of firms falling victim is increasingly generally. In 2013, Arbor saw 39 attacks over 100 Gbps. This year it was 223 attacks.


  1. Most stay small

Despite this, 84 percent of all monitored DDoS attacks were less than 1 Gbps in size. “The mean attack size this year was 760 Mbps,” Arbor said. “This does not seem like a huge amount of traffic, but attacks of this magnitude are still capable of causing significant problems for businesses that do not have the relevant preparations in place.”

Arbor cited statistics that 91 percent of events lasted less than one hour. However, it noted the potential for what looks like single attacks to actually be part of “multi-event campaigns where attackers will start/stop the attack sporadically over an extended period.”


  1. DDoS is hitting cloud

Cloud-based services are everywhere, and as they have risen in numbers and usage, they have become targets. Arbor reported that 33 percent of respondents saw attacks against cloud-based services, up from 19 percent two years ago.

“The use of cloud services continues to grow, with many organisations now adopting public, private or hybrid cloud solutions,” Arbor said.

“Cloud services can offer significant performance, flexibility and cost advantages to business. However, they are generally reached via the Internet (even if a VPN is in place) and are therefore susceptible to DDoS attacks targeting their connectivity.

“When users cannot reach a cloud-based service, all of the business benefits are irrelevant.”

Brennan IT uses Arbor technology to provide a number of security solutions to mitigate such threats.


  1. Surprise, DDoS was just the distraction

While experiencing a DDoS attack might seem like enough unwanted attention, more service providers report that they are being used as “a distraction for either malware infiltration or data exfiltration. This year”. One in four reported this, up from 19 percent last year.


  1. More insurance

Perhaps unsurprisingly, as businesses shift more into the cloud and digital platforms, they’re also taking out insurance for that business model in greater numbers.

“This year, 20 percent of respondents indicate that they have cyber security insurance in place, an increase from 13 percent last year,” Arbor said. “Nine percent indicate that they plan to look into insurance over the next 12 months.

“Anecdotally, we know that some executives are considering some form of cyber insurance after speaking with their peers about it.”


  1. More law

In addition to insuring themselves against cyber security events, it seems victim organisations are more likely to get lawyers or police involved after an attack.

“There have been increases in those working with law enforcement (up from 12 percent to 19 percent), specialist legal advisers (up from 7 percent to 12 percent) and communication providers (up from 8 percent to 14 percent)” after an attack, Arbor said.

“Although all of these percentages are still relatively low, they are growing.”