DDoS in the enterprise: the threat snapshot

In the past 15 years, we've gone from dial-up internet to massive high bandwidth pipes that have connected and even flattened the world.

Along with this growth and new infrastructure, the threats have also matured - going from web defacement and takedowns to cyber crime, cyber warfare, intellectual property theft and infrastructure attacks.

With the rise of hacktivism, and other complex attack motives, distributed denial-of-service (DDoS) has been transformed into a complex, multi-vector form of attack that targets not just bandwidth capacity, but the infrastructure itself, meaning security and networking technology, as well as the backend applications that run critical business assets.

Many times, attackers will hit multiple areas of the network using multiple approaches all implemented simultaneously, making defence that much more difficult. This was most recently executed during the targeted and very serious DDoS attacks against US-based financial institutions, including major banks such as Bank of America, JP Morgan and Wells Fargo.

These very high-profile attacks showed exactly how attackers have evolved from using sheer brute force to take down networks to more stealthy means of attack – attacks that use multiple techniques (e.g. volumetric, application-layer targeting, etc.) to both breach the network and then remain undetected longer, leaving as much collateral damage behind as possible. Not only do service providers need to work harder to keep their own networks secure, but they are battling to keep their customers' networks secure from increasingly complex attacks as well.

In many ways, the internet has become a critical extension of your own network, and availability its lifeblood. Availability is as critical to an organisation today as electricity. If an organisation is taken offline, as in the bank attack example, it can and will lose the ability to generate revenue from its customers, or the ability to access cloud-based data and applications.

In fact, our recently released eighth annual Worldwide Infrastructure Security Report shows in stark detail just how difficult the threat landscape has become for network operators to manage and mitigate the threats coming at them from all vectors.

This annual report offers a real-world view into today's network security threats and mitigation techniques and is based on survey data from 130 enterprise network operators and service providers from around the world. They're all battling the same DDoS threat landscape, one that has markedly evolved in the past couple of years – farther and farther away from very large attacks that overwhelm the infrastructure and towards more complex, multi-vector attacks that attempt to stealthily enter the network, avoiding detection for as long as possible.

One marked change noted in this year's report: the motivation for DDoS attacks has evolved from single publicity-seeking hackers to organised 'hacktivist' groups, geo-political targets, competitive takeouts and coordinated attacks that combine DDoS with other more stealthy attacks.

Meanwhile, the variety, scope and evolution of DDoS attacks have created an all-out assault on today's enterprises—threatening service availability, employee productivity, organisational integrity and revenue.

Stepping back a bit – DDoS attack motivations are certainly shifting, as noted above, but their prevalence remains the same: very high. According to survey data, half of all enterprise respondents experienced DDoS attacks against their infrastructure during the 12-month survey period, and one-quarter encountered DDoS attacks against customer- and partner-facing services. Top concerns about threats in the next 12 months are DDoS attacks, data exfiltration and under-capacity for internet bandwidth.

The result? DDoS should be top-of-mind for today's enterprises and executives. However, survey data conflicts with what one would expect given the intensity of the DDoS threat landscape today: only 38 per cent of enterprise respondents saw an increased awareness of the DDoS threat in their organisation, while half believe their C-level executives are not aware of the threat DDoS attacks pose to internet service availability.

This may indicate that the business impact of DDoS attacks has not yet been fully appreciated within some organisations, despite the continued mainstream press coverage of such attacks. On a more encouraging note, however, 50 per cent of enterprise respondents confirmed that DDoS protection is part of their business risk management process for internet service availability. This is in addition to traditional concerns such as fire protection, power stability and physical access.

As the key findings from this year's report demonstrate, enterprise organisations are under constant attack from a variety of DDoS-type threats — and it is only expected to get worse throughout the year.

In order to effectively address these attacks and protect the network from downtime, organisations need broad, flexible solutions designed specifically to protect availability.

Dan Holden is the director of ASERT, Arbor Networks' security engineering and response team.