You would expect that over the last ten years software developers and network operators would have gotten much better at fending off and preventing DDoS (distributed denial-of-service) attacks. That’s far from the case.
The tenth annual report on worldwide infrastructure security (WISR) has been released by Arbor Networks – and the news is sobering.
Attack Frequency and Severity
A decade ago DDoS attacks were occasional and uncoordinated; the bigger threats came from brute force attacks, self-propagating worms and networks compromised internally by staff members. In 2014, DDoS attacks are regular, often massive, and many times part of a larger, complex campaign against a company or organization.
Ubiquity: Almost 50% of data centers responding to the latest WISR survey reported that they had experienced DDoS attacks in 2014, and four-fifths of those had their connectivity saturated due to a DDoS.
Frequency: Nearly 40% said they’d had a monthly average of more than 21 attacks; that’s almost double the number who’d experienced that many attacks the previous year.
Size: In 2005, the largest DDoS attack reported was only 8 Gbps. Last year, the largest peaked at 400 Gbps (the most massive attack in history, on an ISP whose name hasn’t been released). In 2013, there were a total of 39 attacks above the 100 Gbps level; in 2014 there were 159. One reason for the larger assaults: the use of amplification and reflection to increase attack size.
Cost: Almost 50% of those participating reported that they had lost revenue because of DDoS problems.
Attack Methods and Targets
We’re far from the days of brute force attacks bringing ISPs to their knees. Modern DDoS attacks focus on many different types of devices and services, in several different ways.
Complicated: A whopping 90% of respondents had suffered multiple application-layer assaults on their data centers; even scarier, almost half saw multi-vector attacks involving a combination of application-layer, volumetric and state exhaustion assaults all at once.
Varied: Attacks targeting DNS (the target in the well-known Spamhaus case) and NTP (hit in the CloudFlare case) continue to be a problem, but now many other protocols are in attackers’ sights. During 2014, there were large-scale DDoS assaults on protocols such as Chargen, SNMP, DVMRP and SSDP. Other new targets include cloud services, with more than a quarter of them reporting DDoS issues in the past year; and firewalls and other intrusion prevention systems, which data centers reported were compromised or taken down during 30% of attacks.
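The reflection and amplification vectors named above (DNS, NTP, Chargen, SNMP, SSDP) share one traffic signature from the victim's side: large UDP replies arriving from many distinct hosts, all sourced from a well-known service port, aimed at a destination that never sent matching requests. The following script is an added example, not code from the report or from Arbor Networks; it groups constructed flow records by victim and reflector service port and flags groups that match that signature. The port list, thresholds and sample flows are assumptions chosen for illustration, and the flow tuple layout is a simplified stand-in for what a NetFlow or sFlow collector would export.

```python
"""Flag likely UDP reflection/amplification traffic in flow records.

Added example; not part of the WISR report. Thresholds and port list are
illustrative assumptions, not recommendations from the report.
"""
from collections import defaultdict

# UDP services named in the report as reflection vectors, keyed by the
# source port the reflected replies arrive from. DVMRP is not carried over
# UDP and is therefore left out of this UDP-only check.
AMPLIFIER_PORTS = {19: "Chargen", 53: "DNS", 123: "NTP", 161: "SNMP", 1900: "SSDP"}

# Constructed flow records for illustration (RFC 5737 documentation addresses):
# (src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
FLOWS = [
    # Reflected NTP replies from four different hosts toward one victim
    ("198.51.100.10", 123, "203.0.113.5", 33211, "udp", 200, 96000),
    ("198.51.100.11", 123, "203.0.113.5", 33211, "udp", 180, 86400),
    ("198.51.100.12", 123, "203.0.113.5", 33211, "udp", 220, 105600),
    ("198.51.100.13", 123, "203.0.113.5", 33211, "udp", 150, 72000),
    # Reflected SSDP replies toward the same victim
    ("192.0.2.20", 1900, "203.0.113.5", 33211, "udp", 90, 27000),
    ("192.0.2.21", 1900, "203.0.113.5", 33211, "udp", 80, 24000),
    ("192.0.2.22", 1900, "203.0.113.5", 33211, "udp", 70, 21000),
    # Ordinary DNS replies from the site's own resolver: one source, small packets
    ("203.0.113.2", 53, "203.0.113.40", 51234, "udp", 30, 3300),
    # Ordinary TCP web traffic, ignored by the UDP-only check
    ("192.0.2.99", 443, "203.0.113.40", 50000, "tcp", 500, 600000),
]


def detect_reflection(flows, min_reflectors=3, min_avg_bytes=250):
    """Return suspected reflection events, largest first.

    Flows are grouped by (destination, reflector source port). A group is
    flagged when replies come from at least `min_reflectors` distinct hosts
    and the average packet size is at least `min_avg_bytes`: many small
    replies from a single resolver look like normal traffic, while large
    replies from many hosts on one service port look like amplification.
    """
    groups = defaultdict(lambda: {"reflectors": set(), "packets": 0, "bytes": 0})
    for src_ip, src_port, dst_ip, _dst_port, proto, packets, nbytes in flows:
        if proto != "udp" or src_port not in AMPLIFIER_PORTS:
            continue
        group = groups[(dst_ip, src_port)]
        group["reflectors"].add(src_ip)
        group["packets"] += packets
        group["bytes"] += nbytes

    alerts = []
    for (dst_ip, src_port), group in groups.items():
        avg_bytes = group["bytes"] / group["packets"] if group["packets"] else 0
        if len(group["reflectors"]) >= min_reflectors and avg_bytes >= min_avg_bytes:
            alerts.append({
                "victim": dst_ip,
                "service": AMPLIFIER_PORTS[src_port],
                "src_port": src_port,
                "reflectors": len(group["reflectors"]),
                "packets": group["packets"],
                "bytes": group["bytes"],
                "avg_bytes": round(avg_bytes),
            })
    alerts.sort(key=lambda a: a["bytes"], reverse=True)
    return alerts


if __name__ == "__main__":
    for alert in detect_reflection(FLOWS):
        print(f"{alert['victim']}: {alert['service']} reflection from "
              f"{alert['reflectors']} hosts, {alert['bytes']} bytes, "
              f"avg {alert['avg_bytes']} B/packet")
```

On the constructed sample the check reports two events against 203.0.113.5 (NTP from four hosts, SSDP from three) and stays quiet on the resolver's DNS replies, because they come from a single source. In production the same grouping would run over a collector's exported flows, and the destination side of each alert is what you would hand to upstream filtering or a scrubbing service; the thresholds should be tuned against a baseline of the site's own normal UDP reply sizes rather than taken from this example.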
Security and The Future
The WISR report cautions that most data centers and corporations are not completely ready to respond to this continuing increase in threats. Even though the frequency and severity of DDoS attacks continue to grow and the number of enterprises affected is increasing rapidly, nearly half of respondents believe they’re at least reasonably prepared to deal with future attacks. Those numbers would seem to conflict with the facts: more than a third of the participating data centers experienced significant downtime during DDoS attacks in 2014, and well over 50% say that over the past year they’ve had trouble finding and keeping employees skilled in security measures.