Malicious attacks on networks are continuing to grow.
According to a report by Arbor Networks, attacks grew at an alarming rate over the past year with smaller and more sophisticated attacks proving to be more difficult to manage than larger, brute-force attacks.
Arbor claimed that service-level and application-targeted attacks, DNS poisoning and route hijacking are more difficult to manage than larger, brute force attacks and can cause a serious disruption in network service or enable further compromise.
It also claimed that distributed denial-of-service (DDoS) attacks had been as large as 40 gigabits in the last year. The largest sustained attacks reported in the last two years were 24 gigabits per second (Gbps) and 17 Gbps, respectively. This represents a 67 per cent increase in attack scale over last year, an increase of nearly 2.5 times of the largest attack reported in 2006, and a 100-fold increase since 2001.
Botnets remain as the largest problem facing network operators in the next 12 months according to the report, with 26 per cent of respondents claiming that they were the primary vehicle for delivering the largest problems to network operations and security engineers.
The survey also asked providers where new threats could emerge in the next year. Fifty-five per cent of respondents said the scale and frequency of security threats for IPv6 will increase as it becomes more widely deployed, while only eight per cent of respondents believe threats will decrease with improved IPv6 deployment.
Although VoIP continues to be a rising attack vector for miscreants, providers were underprepared to protect their VoIP infrastructure from attack. Only 21 per cent of respondents indicated that they had tools in place to detect threats against VoIP infrastructure or services.
Rob Malan, co-founder and CTO of Arbor Networks, said: “Many organisations generate most or all of their revenue from web or other network service transactions, and their internet ‘presence' is critical to their fiscal well-being. As a result, many organisations now consider a subscription to MSS as an everyday cost of doing business on the internet, and budget for these services just as they would disaster recovery, data backups, and traditional network redundancy.”
Danny McPherson, chief security officer for Arbor, said: “Detection of application layer attacks is more difficult than with flood based attacks. Providers need to have deep application insight into IP services and applications – such as DNS, HTTP, VoIP, IM and P2P – in order to identify, and mitigate such attacks. To do so effectively, ISPs today must have the ability to detect and surgically remove only the attack traffic while maintaining legitimate business traffic – thereby ensuring the highest level of customer satisfaction.
“ISPs are currently waging a multi-faceted battle as they face increased cost and revenue pressure, along with multi-threaded attacks that are growing in size, frequency and sophistication. The good news is that through improved communications and information sharing in the operational security community – this report included – the service provider community will be better prepared for the fight against internet threats today and in the future.
“The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and infrastructure investment. And, while most ISPs now have the infrastructure to detect bandwidth flood attacks, we found that many still lack the ability to quickly mitigate these attacks; only a small percentage of the providers we surveyed said they have the capability to mitigate DDoS attacks in ten minutes or less.
“What's even more concerning is that even fewer providers have the infrastructure to defend against service-level attacks or this year's reported peak of a 40 gigabit flooding attack. This is an area of weakness for operators that can be exploited quickly.”