Frequency of Distributed Denial of Service (DDoS) attacks against infrastructure providers continues to increase, with some data centers assaulted dozens of times a month, according to the annual Worldwide Infrastructure Security Report published by Arbor Networks.
Almost two-thirds of respondents in the data center industry said they have experienced DDoS attacks in the past year, while 44 percent admitted they took a financial loss due to DDoS.
All brawn
The most widespread type of DDoS attack uses hundreds or even thousands of systems previously infected with malware to flood a single target with traffic, and shut it down.
This practice has gained popularity as a cheap and easy way to cause financial damage and disrupt websites, adopted by everyone from ‘hacktivists’ to professional cybercriminals. Today, ‘DDoS for hire’ services are widely available online.
As a more recent trend, DDoS attacks have been employed to divert attention from serious fraudulent activities or data theft.
In its latest report, security software vendor Arbor Networks has surveyed 287 organizations, 64 percent of which offer data center services. Among data center operators, 17 percent said they are experiencing between 21 and 50 DDoS attacks every month. Over a third saw major DDoS in the past year that had completely exhausted their Internet bandwidth.
Just under half of respondents indicated that their firewalls experienced or contributed to an outage due to DDoS. Load balancers also saw issues, with over a third of respondents seeing these fail due to DDoS in the past year.
Application-layer attacks targeting encrypted web services (HTTPS) have declined by 12 percent year-on-year, while the number of attacks targeting cloud-based services has grown significantly.
In total, Arbor registered at least ten attacks with strength of more than 100Gbps in 2014 – for comparison, 2010 saw just a single attack of this size.
As their top challenges, respondents cited lack of security professionals and difficulty in finding skilled candidates - Arbor says there has been a 14 percent rise in reporting the latter, which indicates that the skills shortage within the security industry remains an acute problem.
Arbor has been publishing the Infrastructure Security Report since 2005. “In 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that devastated networks the year before; and, data breaches were most likely carried out by employees who had direct access to data files,” said Darren Anstee, director of Solutions Architects at Arbor.
“Today, organizations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend. The business impact of a successful attack or breach can be devastating – the stakes are much higher now.”