2005-2014: The enterprise threat landscape then and now

The largest DDoS attack reported in 2014 was 400Gbps; ten years ago the largest reported attack was a mere 8Gbps.

Soma Tah

USA: Arbor Networks, in its Annual Worldwide Infrastructure Security Report, provided a view into the most critical security challenges facing today’s network operators.

Arbor Networks Director of Solutions Architects Darren Anstee said: "In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and, data breaches were most likely carried out by employees who had direct access to data files. Today, organizations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend. The business impact of a successful attack or breach can be devastating – the stakes are much higher now."

The threat landscape then and now:

  • Mostly a nuisance and nothing more than an independent event a decade ago, distributed denial-of-service (DDoS) is now a very serious threat to business continuity and the bottom line. DDoS attacks are now components of complex, often long-standing advanced threat campaigns.
  • The largest DDoS attack reported in 2014 was 400Gbps; ten years ago the largest reported attack was a mere 8Gbps.
  • Application-layer attacks were experienced by 90 percent of respondents in 2014. Ten years ago, 90 percent of respondents cited simple “brute force” flood attacks as the most common attack vector.
  • The human element continues to be a factor in defensive capabilities – not just today, but throughout the last ten years of WISR reporting. Just in the past year alone, 54 percent of respondents reported difficulty hiring and retaining skilled personnel within their security organizations.

Key findings:

Attacks are Growing in Size, Complexity and Frequency

  • Use of reflection/amplification to launch massive attacks: The largest reported attack in 2014 was 400Gbps, with other large reported events at 300, 200 and 170Gbps, and a further six respondents reporting events over the 100Gbps threshold. Ten years ago, the largest attack was 8Gbps.
  • Multi-vector and application-layer DDoS attacks are becoming ubiquitous: 90 percent of respondents reported application-layer attacks and 42 percent experienced multi-vector attacks that combine volumetric, application-layer and state exhaustion techniques within a single sustained attack.
  • DDoS attack frequency is on the rise: In 2013, just over one quarter of respondents indicated they had seen more than 21 attacks per month; in 2014, that percentage has nearly doubled to 38 percent.

Enterprises Are Under Assault

  • DDoS and advanced threats are increasingly common: Nearly half of respondents saw DDoS attacks during the survey period, with almost 40 percent of those seeing their Internet connectivity saturated.
  • Firewalls and IPS devices continue to be targets for attackers: Over one third of organizations had firewall or IPS devices experience a failure or contribute to an outage during a DDoS attack.
  • Cloud services are a bull’s-eye for attackers: Over one quarter of respondents indicated that they had seen attacks targeting cloud services.
  • Security incidents are up but enterprises are not fully prepared to respond: Just over one third of respondents indicated an increase in security incidents this year, with about half indicating similar levels to last year. 40 percent of respondents felt reasonably or well prepared for a security incident, with 10 percent feeling completely unprepared to respond to an incident.

Data Centers are a High-Volume, High-Impact Target

  • Over one third of data center operators saw DDoS attacks which exhausted their Internet bandwidth. This underscores just how critical an issue this continues to be for data center operators: downtime means not just lost business for the data center operator, but also collateral damage extended to their customers operating business-critical infrastructure in the cloud.
  • Operational expense is the top cost attributed by data center operators to DDoS events. This shows the increasingly high costs of defending against growing attacks and the priority data center operators place on DDoS mitigation.
  • Revenue loss due to DDoS is up sharply: 44 percent of data center respondents experienced revenue losses due to DDoS.
  • Just under half of respondents indicated that their firewalls had experienced or contributed towards an outage due to DDoS. This is up from 42 percent last year. Load balancers also saw issues, with over one third of respondents seeing these fail due to DDoS in the last year.