Nature of botnet attacks changing says report

01 February 2010

A report just published concludes that the nature of botnet attacks is changing, with large-scale attacks being replaced by service and application-layer swarms.

The study, the fifth in an annual series from Arbor Networks, the security and network management specialist, claims to show that botnet-driven distributed denial of service (DDoS) attacks are becoming more complex.

The report, which draws on responses from more than 130 tier one, two and allied network operators from around the world, is designed to allow operators to make more informed decisions about the use of protective network security technology systems.

According to Arbor Networks, as with last year's survey, more than half of the surveyed providers this year reported growth in service-level attacks at bandwidth levels of one gigabit-per-second (Gbps) or less.

These types of attacks, says the firm, whilst also driven by botnets, are designed to exploit service weaknesses, such as vulnerable and expensive back-end queries and computational resource limitations.

Almost 35% of respondents believe that more sophisticated service and application attacks represent the largest operational threat over the next 12 months – displacing large-scale botnet-enabled attacks – which came in second this year at 21%.

Interestingly, several respondents reported prolonged (multi-hour) outages of prominent internet services during the last year due to application-level attacks. These service-level attack targets included assaults on distributed domain name system (DNS) infrastructures, load balancers and large-scale SQL server back-end infrastructure.

In previous versions of the worldwide infrastructure security report, service providers reported near doubling in peak DDoS attack rates year-over-year – with peak attack rates growing from 400 Mbps to more than 40 Gbps since 2001.

This year, however, providers reported a peak sustained attack rate of 49 Gbps – a 22% growth over last year's peak of a 40 Gbps attack – which Arbor Networks says shows the attack scale growth has slowed in the past 12 months.

As a comparison, last year's 40 Gbps attack represented a 67% increase over the largest attack reported in the 2007 survey.

Additionally, only 19% of survey respondents reported the largest attacks they observed as being within the one-to-four Gbps range this year, as opposed to some 30% in 2008.

Delving into the report reveals that the majority of surveyed providers reported concerns over the security implications of IPv6 adoption – and the slow rate of IPv4 to IPv6 migration, or at least the parallel deployment of IPv6.

As in previous years, the company says that providers complained of missing IPv6 security features in routers, firewalls and other critical network infrastructure.

Other providers, meanwhile, said they were worried that the lack of IPv6 testing and deployment experience may lead to significant internet-wide security vulnerabilities.

Danny McPherson, Arbor Networks' chief security officer, said that network operators are concerned about the higher risk profile that their operations present, as a result of increased IP network complexities, especially now the industry is moving to cloud computing systems.

"We expect DDoS attack rates to continue to grow, but given that most enterprises are still connected to the internet at speeds of one Gbps or less, any attack over this will be typically effective", he said.

Furthermore, he added, attacks over one Gbps will often trigger collateral damage to adjacent network or customer service elements.

 
