Brute force attacks on networks are growing exponentially,
according to the latest annual worldwide infrastructure security
report by network management firm Arbor Networks.
The report, which includes responses from 66 IP network
operators around the world, said
distributed denial of service (DDoS)attacks have reached record
highs.
Some network operators reported attacks of up to 40gigabits per
second (Gbps) in the past year compared with 24Gbps and 17Gbps in
the previous two years.
This represents a 67% increase in the past year, an increase of
nearly 2.5 times the largest attack in 2006, and a 100 fold
increase since 2001, the report said.
The number of respondents reporting attacks larger than one Gbps
nearly doubled this year to 36% of those surveyed.
Danny McPherson, chief security officer for Arbor Networks, said
that although most ISPs have the infrastructure to detect DDoS
attacks, many still lack the ability to mitigate these attacks
quickly.
According to the report, only 15% of the providers surveyed said
they had the capability to mitigate DDoS attacks in 10 minutes or
less.
"Even fewer providers have the infrastructure to defend against
attacks at this year's reported peak of 40Gbps. This is an area of
weakness that can be exploited quickly," McPherson said.
The report also noted an increase in the number of smaller and
more sophisticated attacks that are more difficult to deal with
than the larger brute force attacks.
These can cause serious disruptions and include service-level
and application targeted attacks,
DNS poisoning and route hijacking.
Craig Labovitz, chief scientist at Arbor Networks, told Computer
Weekly that most enterprises are not aware of the range of
threats.
He said CIOs need to be aware of the changing threats to ensure
the ISP and services they select can cope with new forms of
attack.
In the coming year, the scale and frequency of security threats
for
Internet protocol version 6 (IPv6) and voice-over-IP (VoIP) are
expected to increase as they become more widely deployed.
"The problem is not all ISPs support the same security
mechanisms as they do for IPv4, and only 21% of those surveyed said
they had tools in place to detect threats against VoIP
infrastructure or services," said Labovitz.