Arbor Networks, the security division of NETSCOUT, has released its 13th Annual Worldwide Infrastructure Security Report (WISR), offering direct insights from network and security professionals into the most critical security challenges facing today’s network operators. The report covers a wide variety of topics, from attack trends to SDN/NFV and IPv6 adoption, to key organisational issues such as incident response training and staffing challenges.
One finding which illustrates the increasingly complex environment, as outlined in the report, is the rise in multi-vector attacks that simultaneously target bandwidth, applications and stateful infrastructure (experienced by 48 percent of respondents, up from 40 percent last year). These attacks challenge defences as well as security teams and processes.
This year’s report shows that the frequency and complexity of distributed denial of service (DDoS) attacks are rising and that defenders are turning to automation and managed services for support. The proliferation of Internet of Things (IoT) devices across networks brings enormous potential benefits to businesses and consumers, but also exposure, as attackers are able to weaponise these devices by exploiting their security vulnerabilities.
“Attackers focused on complexity this year, leveraging weaponisation of IoT devices while shifting away from reliance on massive attack volume to achieve their goals. They have been effective, and the proportion of enterprises experiencing revenue loss due to DDoS nearly doubled this year, emphasising the significance of the DDoS threat,” said Darren Anstee, chief technology officer, NETSCOUT Arbor. “The results of the WISR, together with our ATLAS data, demonstrate why an integrated multi-layer defence from the data centre to the cloud is required.”
Bryan Hamman, Arbor Networks’ territory manager for Sub-Saharan Africa, notes that South Africa was among the top 10 countries targeted by DDoS attacks in both the 2018 and 2017 Arbor WISR reports. He says, “While it is true that mapping DDoS source/destination IP addresses to geographical locations can be challenging due to factors such as source address spoofing by attackers, there is still no question that South Africa is on the radar for DDoS attacks, and as such our business arena cannot afford to be complacent.
“This latest report shows some interesting developments, for example that, while the number of very large attacks decreased in 2017 compared to 2016, the number of attacks between 2 Gbps and 5 Gbps is growing steadily. The report notes that this could also be an indication of attacker innovation, as new attack vectors are developed, such as the Mirai botnet’s ability to launch application-layer as well as volumetric attacks.”
The largest DDoS attack reported by a service provider in this report was 600 Gbps, down from 800 Gbps the previous year. In general, peak attack sizes and the frequency of very large attacks decreased.
Key findings of the report
· Fifty-seven percent of enterprises and 45 percent of data centre operators saw their internet bandwidth saturated due to DDoS attacks.
· There were 7.5 million DDoS attacks in 2017, according to data from NETSCOUT Arbor’s Active Threat Level Analysis System (ATLAS) infrastructure, which covers approximately one-third of global internet traffic. Of these attacks, service provider respondents experienced more volumetric attacks, while enterprises reported a 30 percent increase in stealthy application-layer attacks.
· Fifty-nine percent of service providers and 48 percent of enterprises experienced multi-vector attacks, a 20 percent increase over last year. Multi-vector attacks combine high-volume floods, application-layer attacks and TCP-state exhaustion attacks in a single sustained offensive, increasing mitigation complexity and attackers’ chances of success.
As a result of the above points, the report notes that successful DDoS attacks are having greater operational and financial impact.
· Fifty-seven percent cited reputation/brand damage as their main business impact, with operational expenses second.
· Fifty-six percent experienced a financial impact of between $10,000 and $100,000, almost double the proportion from 2016.
· Forty-eight percent of data centre operators said customer churn was a key concern following a successful attack.
The report notes that network and security teams are challenged by an active and complex threat landscape, as well as persistent staffing issues.
· Eighty-eight percent of service providers use intelligent DDoS mitigation solutions and 36 percent use technology that automates DDoS mitigation. Increased investment in specialised tools and automation is driven by the sheer number of attacks faced in service provider networks.
· Attack frequency is also driving demand for managed security services. Thirty-eight percent of enterprises relied on third-party and outsourced services, a jump from 28 percent the previous year. Only 50 percent carried out defensive drills, and the proportion of respondents carrying out drills at least every quarter fell 20 percent.
· Fifty-four percent of enterprises and 48 percent of service providers have difficulty hiring and retaining skilled personnel.
The data in the report was collected by NETSCOUT Arbor through a survey conducted in October 2017 among those who are directly involved in day-to-day operational security, with the continuing core goal of providing real insight into infrastructure security from an operational perspective. Nearly two-thirds of all respondents identify as security, network or operations professionals. Security professionals have the highest representation at 32 percent. The document highlights key industry trends and threats facing network operators, along with the strategies used to mitigate them. The survey garnered wide participation from all around the world.
“The report is critical reading for network operators, as it outlines the challenges ahead for those involved in day-to-day security operations, how your network infrastructure may be negatively affected by the rapidly changing threat landscape, and what your peers are doing to address the threats,” concludes Hamman.