Advanced persistent threats are a top concern for businesses, while distributed denial-of-service (DDoS) attacks are becoming larger.
The key threat findings of the Annual Worldwide Infrastructure Security Report from Arbor Networks showed that 55 per cent of the 130 respondents named APTs as the top concern, especially for service providers and enterprises. The report also found that data centres and cloud services were being increasingly victimised, with 94 per cent of data centres reporting attacks.
In keeping with its previous report, Arbor Networks said that the standard size of DDoS attacks had plateaued, with the largest attack reported as being 60 gigabits per second.
The report said that application-layer and multi-vector attacks were continuing to evolve, while volumetric attacks are starting to plateau in terms of size. “Attackers have now turned to sophisticated, long-lived, multi-vector attacks – combinations of attack vectors designed to cut through the defences an organisation has in place – to achieve their goals,” it said.
“Multi-vector attacks are the most difficult to defend against and require layered defences for successful mitigation. This year's report includes a case study on the on-going attacks against US financial services organisations, a great example of a multi-vector attack.”
The report claimed that 46 per cent of respondents were experiencing multi-layer attacks, a rise of 27 per cent since last year.
Bloor Research's Fran Howarth believed that the results of the report highlight an important issue – that anyone can be targeted.
“DDoS has evolved from basic attacks that simply tried to overwhelm a connection with data, to ones that are complex and focused on multiple targets at once,” Howarth said.
“It is the enterprise that should pay closer attention to the evolution of DDoS attacks and their consequences. Today, DDoS is the favoured tool of hacktivists and is increasingly seen as a tool for achieving competitive advantage - this should serve as a warning light. I would like the enterprise to start paying as much attention to threats to availability as it does now to data security.”