Australia a growing source of DDoS attacks as well as a target, Arbor warns

Distributed denial of service (DDoS) attacks against Australian targets grew in intensity and a growing share of attacks is originating inside the country rather than outside of it, new research from Arbor Networks has found.

The security firm's 10th Annual Worldwide Infrastructure Security Report found that the largest DDoS attack in Australia during 2014 peaked at 77Gbps, during August.

That was a fraction of the record 400Gbps attack observed worldwide last year, but a volume that Arbor Networks country manager told CSO Australia was “very much consistent with the global trend” as increasing use of reflection and amplification-based attacks helped DDoS perpetrators significantly boost the scope and effectiveness of their DDoS attacks.

Significantly, around 15 percent of the attacks Arbor recorded came from within Australia rather than outside of it, as has traditionally been the case in the past.

“At the beginning of the year we saw some of those amplification attacks growing, but there were continued attacks throughout the year,” Race explained. “With the advent of better broadband networks, we're now getting some firepower capable of doing this in Australia.”

Some 65 percent of all DDoS attacks were volumetric flood-based attacks, focused on generating as much traffic as possible. Many organisations' security defences were overwhelmed by the increasing DDoS volumes, with 35 percent of organisations reporting that their firewall or intrusion prevention systems had failed due to a DDoS attack.

Sheer volume wasn't the only defining characteristic of the DDoS analysis, however: a growing number of attacks were being targeted not just at random IP addresses, but focused specifically as layer-7 attacks on particular applications.

Such attacks are now “ubiquitous”, the analysis concluded, noting that 20 percent of all service providers and 29 percent of enterprises reported attacks targeting the application layer.

Web-related applications were common targets, with 81 percent of enterprise respondents reporting application-layer attacks against HTTP and 58 percent reporting attacks against HTTPS and DNS.

Not only were DDoS perpetrators changing their method of attack, Race warned, but many were beginning to use DDoS attacks “as a diversionary tactic” to mask other malicious activities.

“There will be increasing sophistication this year, where some of the advanced threats are going to be blended with DDoS,” he explained.

This would be particularly concerning for cloud infrastructure providers, he said, noting that their exposure to online bandwidth availability could potentially make DDoS attacks particularly damaging.

The problem was getting big enough, particularly with the uptick in domestic DDoS attacks, that cloud-based service providers would increasingly need to bolster their offerings with anti-DDoS capabilities.

“Cloud services are quite vulnerable to DDoS attack,” Race said. “As organisations outsource to the cloud, they need to make sure the cloud provider they select is one that's capable of dealing with DDoS attacks.”

“It's becoming a differentiator for cloud service providers to say that they not only offer cloud services, but offer cloud services with DDoS protection. As we go more and more online, downtime becomes a business cost.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Upcoming IT Security Events

Feb 3rd, Feb 4th, Feb 6th 2015

Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective. 

Register Today Seats are limited

March 3rd, March 5th, March 9th 2015

Join CSO for the day@#csoperspectives and hear from @kimzetter @LeviathanSec

3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today

Read more: NAS security review: Synology DS1515+ running DSM 5.1-5022

Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)

Join the CSO newsletter!

Error: Please check your email address.

Tags cybersecurityprotectioncyber attacks77Gbpssecurity firm'sAustraliaArborCSO AustraliacybercrimeDDoS attacksEnex TestLab

More about Arbor NetworksCSOEnex TestLabIT Security

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts