DDoS targets look to outside help as attacks target cloud, distract from data theft

Multi-vector attacks became more prevalent over the last year as more than half of data-centre operators were hit by distributed denial of service (DDoS) attacks that exhausted their bandwidth, according to an Arbor Networks survey that found disruption of business processes had joined loss of personal information as the top business security concerns.

The 2016 Arbor Networks Worldwide Infrastructure Security Report found strong growth in the prevalence of advanced persistent threats (APTs), which were reported by 23 percent of service-provider respondents – up from 18 percent the year before.

Malicious insiders were also becoming more common, with reports suggesting they were to blame in 17 percent of attacks versus 12 percent last year. And cloud services were rapidly becoming DDoS victims, comprising 33 percent of attacks – up from 29 percent last year and 19 percent in 2013.

“A constantly evolving threat environment is an accepted fact of life for survey respondents,” Arbor Networks chief security technologist Darren Anstee said in a statement. “The findings underscore that technology is only part of the true story since security is a human endeavour and there are skilled adversaries on both sides.”

There were signs of improvement in organisations' security response efforts, however: 75 percent said they had undergone incident response planning – up from 68 percent last year – and 85 percent said they now have formal breach notification processes in place.

This included 42 percent who had engaged the support of an IT forensic expert or other specialist IT provider – mirroring an overall trend to look outside the organisation for skills and support. This year 57 percent of respondents (up from 45 percent last year) said they were looking for solutions to speed up the incident response process – with automated threat detection tools the most popular approach – and 38 percent (down from 46 percent) were looking to increase internal resources to improve incident preparedness.

Some 17 percent were involved with regulators, 13 percent involved with specialist legal advisers. And while 22 percent said they had a “well resourced” team for incident handling, 11 percent had no dedicated resources and 53 percent said they had “limited resources” for dealing with security incidents.

Efforts to bolster incident response – which can often become a protracted cat-and-mouse game for security specialists – were matched by a surge in DDoS severity, with the largest reported attack reaching 500Gbps. Attacks of 450Gbps, 425Gbps and 337Gbps were also reported, as were five attacks over 200Gbps.

Indeed, nearly one-quarter of the respondents to the Arbor survey – representing 223 attacks in total – reported peak attacks over 100Gbps – a volume that would have set DDoS records just a few years ago.

Application-layer attacks were seen by 93 percent of respondents, up from 90 percent in 2014 and 86 percent in 2013. DNS (used in 84 percent of attacks) and NTP (77 percent) were by far the most commonly-exploited DDoS reflection attack vectors, with more than 55,000 NTP attacks in September and October 2015 alone.

Some 26 percent of DDoS attacks were used as a distraction to divert attention from contemporaneous malware infiltration or data exfiltration, the Arbor survey found. Other attacker motivations included criminals demonstrating DDoS capabilities (42 percent), criminal extortion (35 percent), competition between business organisations (23 percent), and financial market manipulation (19 percent).

Australian businesses have particularly suffered from recent growth in DDoS attacks, with Arbor last year finding that attacks on Australian targets were twice as hard as the regional average – and that better access to broadband was turning Australia into a source of DDoS attacks as well.

Stories by David Braue
