Nature of botnet attacks changing says report

The study, the fifth in an annual series, from Arbor Networks, the security and network management specialist, claims to show that botnet-driven distributed denial of service (DDoS) attacks are becoming more complex.

The report, which draws on responses from more than 130 tier one, two and allied network operators from around the world, is designed to allow operators to make more informed decisions about the use of protective network security technology systems.

According to Arbor Networks, as with last year's survey, more than half of the surveyed providers this year reported growth in service-level attacks at bandwidth levels of one gigabit per second (Gbps) or less.

These types of attacks, says the firm, whilst also driven by botnets, are designed to exploit service weaknesses, such as vulnerable and expensive back-end queries and computational resource limitations.

Almost 35% of respondents believe that more sophisticated service and application attacks represent the largest operational threat over the next 12 months, displacing large-scale botnet-enabled attacks, which came in second this year at 21%.

Interestingly, several respondents reported prolonged (multi-hour) outages of prominent internet services during the last year due to application-level attacks. The targets of these service-level attacks included distributed domain name system (DNS) infrastructures, load balancers and large-scale SQL server back-end infrastructure.

In previous versions of the worldwide infrastructure security report, service providers reported a near doubling in peak DDoS attack rates year-over-year, with peak attack rates growing from 400 Mbps to more than 40 Gbps since 2001.

This year, however, providers reported a peak sustained attack rate of 49 Gbps – a 22% growth over last year's peak of a 40 Gbps attack – which Arbor Networks says shows the attack scale growth has slowed in the past 12 months.

As a comparison, last year's 40 Gbps attack represented a 67% increase over the largest attack reported in the 2007 survey.

Additionally, only 19% of survey respondents reported the largest attacks they observed as being within the one-to-four Gbps range this year, as opposed to some 30% in 2008.

Delving into the report reveals that the majority of surveyed providers reported concerns over the security implications of IPv6 adoption – and the slow rate of IPv4 to IPv6 migration, or at least the parallel deployment of IPv6.

As in previous years, the company says that providers complained of missing IPv6 security features in routers, firewalls and other critical network infrastructure.

Other providers, meanwhile, said they were worried that the lack of IPv6 testing and deployment experience may lead to significant internet-wide security vulnerabilities.

Danny McPherson, Arbor Networks' chief security officer, said that network operators are concerned about the higher risk profile that their operations present, as a result of increased IP network complexities, especially now the industry is moving to cloud computing systems.

"We expect DDoS attack rates to continue to grow, but given that most enterprises are still connected to the internet at speeds of one Gbps or less, any attack over this will be typically effective", he said.

Furthermore, he added, attacks over one Gbps will often trigger collateral damage to adjacent network or customer service elements.
