Google Ideas – which bills itself a ‘think/do’ tank – used anonymous data from Arbor Networks’ ATLAS global threat monitoring system to build the Digital Attack Map, which is a data visualization topology that allows users to explore historical trends in DDoS attacks, and make the connection to related news events on any given day. The data is updated daily, and historical data can be viewed for all countries.
“What our ATLAS data highlights is just how commonplace DDoS attacks have become – both in terms of frequency but also in terms of how many internet users are impacted by DDoS,” said Arbor’s Dan Holden, in a blog. “It’s not just a problem for large, global organizations and service providers, but anyone with an Internet connection can be caught in the crossfire of an attack. The ‘collateral damage’ of an attack against a large organization or service provider are the people that rely on those networks every single day.”
Arbor noted that beginning in 2010, and driven in no small part by the rise of hacktivism, there has been a renaissance in DDoS attacks that has led to innovation in the areas of tools, targets and techniques. Today, DDoS is a complex threat that mixes flood, application and infrastructure attacks in a single, blended attack. And, they’re higher-bandwidth affairs: when Arbor Networks first began working with leading network operators in 2000, flood attacks were in the 400Mbps range, it said. Today, they regularly exceed 100Gbps.
Akamai recently released a study that found hacktivists and others looking to disrupt the operations of a website by flooding it with traffic are taking advantage of the ongoing increase in penetration of broadband worldwide, which has elevated all types of traffic levels. It means that DDoS attacks can somewhat “hide” in the general flow of traffic spikes that are fueled by current events.
“Adversaries conducting DDoS attacks spend increasing effort to make their attacks look more and more like legitimate 'flash mobs' in an effort to elude automated defenses; this creates an ever-escalating arms race to automate the manual analysis that often goes into assessing whether an event was an attack or legitimate traffic due to an unplanned event,” Akamai noted.
The Digital Attack Map, however, aims to help separate the malicious traffic from that being generated by ad hoc interest in something like a sporting event, and shows the ebbs and flows of attack characteristics over time.
“The people at Google Ideas have really done an amazing job bringing Arbor’s global DDoS attack data to life,” said Arbor Networks president Colin Doherty. “The goal of this collaboration was to show what a global threat DDoS is and how DDoS can be used to suppress speech and threaten open access to information.”
The map was introduced today at the Conflict in a Connected World summit, hosted by Google Ideas, in partnership with the Council on Foreign Relations and the Gen Next Foundation.