cherezoff - stock.adobe.com
Brute force attacks on networks are growing exponentially, according to the latest annual worldwide infrastructure security report by network management firm Arbor Networks.
The report, which includes responses from 66 IP network operators around the world, said distributed denial of service (DDoS) attacks have reached record highs.
Some network operators reported attacks of up to 40gigabits per second (Gbps) in the past year compared with 24Gbps and 17Gbps in the previous two years.
This represents a 67% increase in the past year, an increase of nearly 2.5 times the largest attack in 2006, and a 100 fold increase since 2001, the report said.
The number of respondents reporting attacks larger than one Gbps nearly doubled this year to 36% of those surveyed.
Danny McPherson, chief security officer for Arbor Networks, said that although most ISPs have the infrastructure to detect DDoS attacks, many still lack the ability to mitigate these attacks quickly.
According to the report, only 15% of the providers surveyed said they had the capability to mitigate DDoS attacks in 10 minutes or less.
“Even fewer providers have the infrastructure to defend against attacks at this year’s reported peak of 40Gbps. This is an area of weakness that can be exploited quickly,” McPherson said.
The report also noted an increase in the number of smaller and more sophisticated attacks that are more difficult to deal with than the larger brute force attacks.
These can cause serious disruptions and include service-level and application targeted attacks, DNS poisoning and route hijacking.
Craig Labovitz, chief scientist at Arbor Networks, told Computer Weekly that most enterprises are not aware of the range of threats.
He said CIOs need to be aware of the changing threats to ensure the ISP and services they select can cope with new forms of attack.
In the coming year, the scale and frequency of security threats for Internet protocol version 6 (IPv6) and voice-over-IP (VoIP) are expected to increase as they become more widely deployed.
“The problem is not all ISPs support the same security mechanisms as they do for IPv4, and only 21% of those surveyed said they had tools in place to detect threats against VoIP infrastructure or services,” said Labovitz.