Average intensity distributed denial of service (DDoS) attacks are now great enough to knock most businesses offline, a report has revealed.
There were also reports of attacks of 450Gbps, 425Gbps and 337Gbps, but these are fairly rare, said Gary Sockrider, principal security technologist at Arbor Networks.
“What is significant is that the average of just under 2Gbps, which we see across tens of thousands of attacks, is enough to overwhelm most business internet connections,” he told Computer Weekly.
Another significant change, he said, is that for the first time in several years criminal activity has replaced hacktivism and vandalism as the top motive for DDoS attacks.
DDoS attacks are being used mostly by cyber criminals to demonstrate attack capabilities, mainly for extortion purposes.
A growing number of businesses are also seeing DDoS attacks being used as a distraction or smokescreen for installing malware and stealing data.
DDoS attacks target security weakspots
Arbor Networks’ survey of more than 350 network operators, including service providers and enterprises, also revealed that complex attacks are increasing.
More than half of respondents reported multi-vector attacks that targeted infrastructure, applications and services simultaneously, up from 42% the previous year.
A third of respondents saw attacks targeting their cloud-based services, up from 19% in 2013 and 29% in 2014, while just over half of datacentre operators saw DDoS attacks saturate their internet connectivity. The proportion of datacentres seeing outbound attacks from servers within their networks also increased by 10% from 2014, to 34%.
According to the report, firewalls continue to fail during DDoS attacks, with more than half of enterprise respondents reporting a firewall failure as a result of a DDoS attack, up from a third the year before.
Firewalls add to the attack surface and are prone to becoming the first victims of DDoS attacks as their capacity to track connections is exhausted, the report said.
The proportion of enterprise respondents seeing malicious insiders is up on the previous year, from 12% to 17%, and the proportion of respondents reporting security incidents relating to employee-owned devices more than doubled from the previous year to 13%.
However, nearly 40% of all enterprise respondents still do not have tools deployed to monitor employee-owned devices on the network, the report said.
Response to attacks improving
On the positive side, the survey showed an increasing focus on better response, with 57% of enterprises looking to deploy systems to speed the incident response process.
“We are also seeing continued improvement in service providers’ capabilities around DDoS mitigation, with three-quarters of service providers now telling us they can mitigate a DDoS attack in less than 20 minutes,” said Sockrider.
This is backed up, he said, by the fact that Arbor Networks is seeing a reduction in the average duration of DDoS attacks, not only from survey respondents, but also from monitoring live DDoS attacks.
“This is not a coincidence. It is because service providers are improving their DDoS mitigation capabilities, which is a very positive thing,” said Sockrider.
Also, a third of service providers have reduced the time taken to discover an advanced persistent threat (APT) in their network to under one week, and 52% stated their discovery to containment time has dropped to under one month.
Advanced threats are one of the top concerns for enterprise organisations, the survey revealed. Loss of personal information and/or disruption of business processes are perceived as the top business risks from an advanced threat.
2015 also saw an increase in the proportion of enterprise respondents who had developed formal incident response plans, and dedicated at least some resources to respond to such incidents, up from around two-thirds to 75%.
Security skills and awareness a challenge
However, it remains a challenge for companies to recruit people with the right cyber security skills to enable them to improve incident preparedness and response, with only 38% of respondents looking to expand their internal teams, down from 46% the year before.
As a result, the report showed an increasing reliance on managed services and outsourced support, with 50% of enterprises and 60% of service providers having contracted an external organisation for incident response and 74% seeing more demand from customers for managed services.
The findings of the report underscore the fact that technology is only part of the story, according to Darren Anstee, chief security technologist at Arbor Networks.
“Security is a human endeavour, and there are skilled adversaries on both sides. Thanks to the information provided by network operators worldwide, we are able to offer insights into people and process, providing a much richer and more vibrant picture into what is happening on the front lines,” he said.
The human element is critical, said Sockrider, because no security tool or point product can stop 100% of threats; such tools typically serve to make people more efficient and able to tackle more security issues.
“Organisations should not focus on technology alone without paying some attention to people and process, which includes attracting and retaining talent with the appropriate skills, providing training and ensuring that knowledge is handed on,” he said.