Nature of botnet attacks changing says report

01 February 2010

A report just published concludes that the nature of botnet attacks is changing, with large-scale attacks being replaced by service and application-layer swarms.

The study, the fifth in an annual series from Arbor Networks, the security and network management specialist, claims to show that botnet-driven distributed denial of service (DDoS) attacks are becoming more complex.

The report, which draws on responses from more than 130 tier one, two and allied network operators from around the world, is designed to allow operators to make more informed decisions about the use of protective network security technology systems.

According to Arbor Networks, as with last year's survey, more than half of the surveyed providers this year reported growth in service-level attacks at bandwidth levels of one gigabit per second (Gbps) or less.

These types of attacks, says the firm, whilst also driven by botnets, are designed to exploit service weaknesses, such as vulnerable and expensive back-end queries and computational resource limitations.

Almost 35% of respondents believe that more sophisticated service and application attacks represent the largest operational threat over the next 12 months – displacing large-scale botnet-enabled attacks – which came in second this year at 21%.

Interestingly, several respondents reported prolonged (multi-hour) outages of prominent internet services during the last year due to application-level attacks. These service-level attack targets included assaults on distributed domain name system (DNS) infrastructures, load balancers and large-scale SQL server back-end infrastructure.

In previous versions of the worldwide infrastructure security report, service providers reported a near doubling in peak DDoS attack rates year-over-year – with peak attack rates growing from 400 Mbps to more than 40 Gbps since 2001.

This year, however, providers reported a peak sustained attack rate of 49 Gbps – a 22% growth over last year's peak of a 40 Gbps attack – which Arbor Networks says shows the attack scale growth has slowed in the past 12 months.

As a comparison, last year's 40 Gbps attack represented a 67% increase over the largest attack reported in the 2007 survey.

Additionally, only 19% of survey respondents reported the largest attacks they observed as being within the one-to-four Gbps range this year, as opposed to some 30% in 2008.

Delving into the report reveals that the majority of surveyed providers reported concerns over the security implications of IPv6 adoption – and the slow rate of IPv4 to IPv6 migration, or at least the parallel deployment of IPv6.

As in previous years, the company says that providers complained of missing IPv6 security features in routers, firewalls and other critical network infrastructure.

Other providers, meanwhile, said they were worried that the lack of IPv6 testing and deployment experience may lead to significant internet-wide security vulnerabilities.

Danny McPherson, Arbor Networks' chief security officer, said that network operators are concerned about the higher risk profile that their operations present, as a result of increased IP network complexities, especially now the industry is moving to cloud computing systems.

"We expect DDoS attack rates to continue to grow, but given that most enterprises are still connected to the internet at speeds of one Gbps or less, any attack over this will be typically effective", he said.

Furthermore, he added, attacks over one Gbps will often trigger collateral damage to adjacent network or customer service elements.
