Arbor Networks Inc., the security division of NETSCOUT (NASDAQ: NTCT), today released its 12th Annual Worldwide Infrastructure Security Report (WISR) offering direct insights from network and security professionals at the world’s leading service provider, cloud/hosting and enterprise organisations. The report covers a comprehensive range of issues from threat detection and incident response to managed services, staffing and budgets. Its focus is on the operational challenges internet operators face daily from network-based threats and the strategies adopted to address and mitigate them.
This year’s report shows the stakes have changed for network and security teams. The threat landscape has been transformed by the emergence of Internet of Things (IoT) botnets. As IoT devices proliferate across networks, bringing tremendous benefits to businesses and consumers, attackers are able to weaponise them due to inherent security vulnerabilities. This year’s report goes in-depth, covering how attackers exploit and recruit IoT devices, how IoT botnets enabled by Mirai source code operate and offers practical advice on how to defend against them.
The largest distributed denial-of-service (DDoS) attack reported this year was 800 Gbps, a 60% increase over 2015’s largest attack of 500 Gbps. Not only are DDoS attacks getting larger, but they are also becoming more frequent and complex. This increased scale and complexity has led more businesses to deploy purpose-built DDoS protection solutions, implement best practice hybrid defences and increase time for incident response practice – all positive developments in an otherwise gloomy threat environment.
“The survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade,” said Darren Anstee, Arbor Networks Chief Security Technologist. “However, IoT botnets are a game changer because of the numbers involved. There are billions of these devices deployed, and they are being easily weaponised to launch massive attacks. Increasing concern over the threat environment is reflected in the survey results, which show significant improvements in the deployment of best practice technologies and response processes.”
Innovation and Exploitation Fuel DDoS Attack Landscape: The emergence of botnets that exploit inherent security weaknesses in IoT devices and the release of the Mirai botnet source code have increased attackers’ abilities to launch extremely large attacks.
Scale: The massive growth in attack size has been driven by increased attack activity on all reflection/amplification protocols, and by the weaponisation of IoT devices and the emergence of IoT botnets.
Frequency: The chances of being hit by a DDoS attack have never been higher, with respondents showing increased rates of attack.
Complexity: Multiple simultaneous attack vectors are increasingly being used to target different aspects of a victim’s infrastructure at the same time. These multi-vector attacks are popular because they can be difficult to defend against and are often highly effective, driving home the need for an agile, multi-layer defence.
Consequences of DDoS Attacks Are Becoming Clear: DDoS attacks have successfully made many leading web properties unreachable – costing thousands, sometimes millions, of dollars in revenue. This has led the C-suite and company boards to make DDoS defence a top priority.
More Appreciation of Risk Leads to Better Behaviour: This year’s survey results indicate a better understanding of the brand damage and operational expense of successful DDoS attacks, driving focus on best-practice defensive strategies. Across the board, in every industry, there has been an increase in the use of purpose-built DDoS protection solutions and best practice methods.
Survey Scope & Demographics
Arbor Networks, the security division of NETSCOUT, is driven to protect the infrastructure and ecosystem of the internet. It is the principle upon which we were founded in 2000; and remains the common thread that runs through all that we do today. Arbor’s approach is rooted in the study of network traffic. Arbor’s suite of visibility, DDoS protection and advanced threat solutions provide customers with a micro view of their network enhanced by a macro view of global internet traffic and emerging threats through our ATLAS infrastructure. Sourced from more than 300 service provider customers, ATLAS delivers intelligence based on insight into approximately 1/3 of global internet traffic. Supported by Arbor’s Security Engineering & Response Team (ASERT), smart workflows and rich user context, Arbor’s network insights help customers see, understand and solve the most complex and consequential security challenges facing their organisations.