DDoS attacks motivated by politics not criminality, Arbor Networks finds

Large service providers fear the Anonymous

Large Internet organisations believe ideological and political motivations have become the single commonest motivation behind the +Arbor+Networks+Security+Blog%29, a survey of major Internet firms by has found.

As expected, Arbor Networks' annual Infrastructure Security Report survey of 114 tier 1 Internet infrastructure firms, hosting companies and large enterprises found that DDoS attack size has edged up between 2010 and 2011, with 13 percent now reporting attacks sizes above 10Gbps.

If this is a levelling off on the attack sizes increases seen in previous year that probably has to do with attackers having found a sweet spot that overwhelms most defences without the need to grow larger still.

Nine out of ten said they'd seen at least one DDoS attack per month, up from about three quarters in 2010. Forty-four percent experienced 10 or more attacks per month, also up from the 35 percent mark.

A rising proportion of DDoS is now application-layer attacks while volumetric packet attacks have probably passed their zenith.

The surprise was the low ranking accorded to traditional extortion-related and competitive/business attacks, cited as a motivation only 18 and 19 percent of the time respectively, far behind 'political and ideological' which topped the anxiety table at 35 percent. 'Vandalism' came second on 31 percent.

This is an important development for large firms because ideological attackers are unlikely to cease DDoS after an objective has been achieved; fending off small groups of determined attackers on a more or less continuous basis could be the new normal.

"We think that what's changed is the speed at which companies can be targeted," said Arbor's EMEA solutions architect, Darren Anstee.

"It is not just the things [a company does] but the fact they are in a supply chain or a certain country," he said explaining what could turn an organisation into a target for ideologically-motivated DDoS.

The number of vendors reporting that a DDoS had taken down a firewall or Intrusion Prevention system was hardly changed year on year at the 40 percent mark.

Separately, DDoS defence vendor Prolexic published its Q4 2011 attack report, finding a shift to application layer DDoS and an average attack bandwidth of 5.2Gbps. Attack duration has dropped to 34 hours but this was offset by a large rise in packet-per second volume.

"Based on fourth quarter statistics, Prolexic predicts that 2012 will feature DDoS attacks that will be shorter in duration, but much more devastating in terms of packet-per-second volume," said Prolexic CTO, Paul Sop.

"Think of it this way. In the past, attackers had a rifle. In 2012, they have a machine gun with a laser site." Prolexic predicted this increase in PPS volume in its previous attack report and noted that attackers were changing their strategy.

Join the CSO newsletter!

Error: Please check your email address.

More about Arbor NetworksIntrusion

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place