Arbor Networks, the security division of NETSCOUT, has released its 13th Annual Worldwide Infrastructure Security Report (WISR), offering direct insights from network and security professionals into the most critical security challenges facing today’s network operators.
Key findings of the report
57% of enterprises and 45% of data centre operators saw their internet bandwidth saturated due to DDoS attacks.
7.5 million DDoS attacks recorded in 2017, according to data from NETSCOUT Arbor’s Active Threat Level Analysis System (ATLAS) infrastructure, while enterprises reported a 30% increase in stealthy application-layer attacks.
59% of service providers and 48% of enterprises experienced multi-vector attacks, a 20% increase over last year.
Multi-vector attacks combine high volume floods, application-layer attacks and TCP-state exhaustion attacks in a single sustained offensive, increasing mitigation complexity and attackers’ chances for success.
As a result of the above points, the report notes that successful DDoS attacks are having greater operational and financial impact.
57% cited reputation/brand damage as their main business impact, with operational expenses second.
56% experienced a financial impact of between $10,000 and $100,000, almost double the proportion from 2016.
48% of data centre operators said customer churn was a key concern following a successful attack.
The report notes that network and security teams are challenged by an active and complex threat landscape, as well as persistent staffing issues.
88% of service providers use intelligent DDoS mitigation solutions and 36% use technology that automates DDoS mitigation. Increased investment in specialised tools automation is driven by the sheer number of attacks faced in service provider networks.
Attack frequency is also driving demand for managed security services.
38% of enterprises relied on third-party and outsourced services, a jump from 28% the previous year.
Only 50% carried out defensive drills, and the proportion of respondents carrying out drills at least every quarter fell 20 percent.
54% of enterprises and 48% of service providers have difficulty hiring and retaining skilled personnel.
The report covers a wide variety of topics, from attack trends to SDN/NFV and IPv6 adoption, to key organisational issues such as incident response training and staffing challenges.
One finding which illustrates the increasingly complex environment, as outlined in the report, is the rise in multi-vector attacks that simultaneously target bandwidth, applications and stateful infrastructure (experienced by 48% of respondents, up from 40% last year).
These attacks challenge defences as well as security teams and processes.
This year’s report shows that the frequency and complexity of distributed denial of service (DDoS) attacks are rising and that defenders are turning to automation and managed services for support.
The proliferation of Internet of Things (IoT) devices across networks simultaneously brings enormous potential benefits to businesses and consumers, but vulnerability also, as attackers are able to weaponise them due to security vulnerabilities.
“Attackers focused on complexity this year, leveraging weaponisation of IoT devices while shifting away from reliance on massive attack volume to achieve their goals. They have been effective, and the proportion of enterprises experiencing revenue loss due to DDoS nearly doubled this year, emphasising the significance of the DDoS threat,” said Chief Technology Officer, NETSCOUT Arbor, Darren Anstee. “The results of the WISR, together with our ATLAS data, demonstrate why an integrated multi-layer defence from the data centre to the cloud is required.”
Arbor Network’s Territory Manager for Sub-Saharan Africa, Bryan Hamman, notes that South Africa was within the top 10 of countries targeted by DDoS attacks for both the 2018 and 2017 Arbor WISR reports.
He says, “While it is true that mapping DDoS source/destination IP addresses to geographical locations can be challenging due to factors such as source address spoofing by attackers, there is still no question that South Africa is on the radar for DDoS attacks, and as such our business arena cannot afford to be complacent.
“This latest report shows some interesting developments, for example that, while the number of very large attacks decreased in 2017 compared to 2016, the number of attacks between 2Gps and 5Gps is growing steadily. The report notes that this could also be an indication of attacker innovation, as new attack vectors are developed, such as the Mirai botnet’s ability to launch application-layer as well as volumetric attacks.”
The largest DDoS attack reported in this report by a service provider was 600 Gbps, down from 800 Gbps the previous year. In general, peak attack sizes and the frequency of very large attacks decreased.
The data in the report was collected by NETSCOUT Arbor through a survey conducted in October 2017, and is based on survey data accumulated from those who are directly involved in day-to-day operational security, with the continuing core goal of providing real insight into infrastructure security from an operational perspective.
Nearly two-thirds of all respondents identify as security, network or operations professionals. Security professionals have the highest representation at 32%.
The document highlights key industry trends and threats facing network operators, along with the strategies used to mitigate them. The survey garnered wide participation from all around the world.
“The report is critical reading for network operators, as it outlines the challenges ahead for those involved in day-to-day security operations, how your network infrastructure may be negatively affected by the rapidly changing threat landscape, and what your peers are doing to address the threats,” concludes Hamman.