Distributed denial of service (DDoS) attacks against Australian targets grew in intensity and a growing share of attacks is originating inside the country rather than outside of it, new research from Arbor Networks has found.
The security firm's 10th Annual Worldwide Infrastructure Security Report found that the largest DDoS attack in Australia during 2014 peaked at 77Gbps, during August.
That was a fraction of the record 400Gbps attack observed worldwide last year, but a volume that Arbor Networks country manager told CSO Australia was “very much consistent with the global trend” as increasing use of reflection and amplification-based attacks helped DDoS perpetrators significantly boost the scope and effectiveness of their DDoS attacks.
Significantly, around 15 percent of the attacks Arbor recorded came from within Australia rather than outside of it, as has traditionally been the case in the past.
“At the beginning of the year we saw some of those amplification attacks growing, but there were continued attacks throughout the year,” Race explained. “With the advent of better broadband networks, we're now getting some firepower capable of doing this in Australia.”
Some 65 percent of all DDoS attacks were volumetric flood-based attacks, focused on generating as much traffic as possible. Many organisations' security defences were overwhelmed by the increasing DDoS volumes, with 35 percent of organisations reporting that their firewall or intrusion prevention systems had failed due to a DDoS attack.
Sheer volume wasn't the only defining characteristic of the DDoS analysis, however: a growing number of attacks were being targeted not just at random IP addresses, but focused specifically as layer-7 attacks on particular applications.
Such attacks are now “ubiquitous”, the analysis concluded, noting that 20 percent of all service providers and 29 percent of enterprises reported attacks targeting the application layer.
Web-related applications were common targets, with 81 percent of enterprise respondents reporting application-layer attacks against HTTP and 58 percent reporting attacks against HTTPS and DNS.
Not only were DDoS perpetrators changing their method of attack, Race warned, but many were beginning to use DDoS attacks “as a diversionary tactic” to mask other malicious activities.
“There will be increasing sophistication this year, where some of the advanced threats are going to be blended with DDoS,” he explained.
This would be particularly concerning for cloud infrastructure providers, he said, noting that their exposure to online bandwidth availability could potentially make DDoS attacks particularly damaging.
The problem was getting big enough, particularly with the uptick in domestic DDoS attacks, that cloud-based service providers would increasingly need to bolster their offerings with anti-DDoS capabilities.
“Cloud services are quite vulnerable to DDoS attack,” Race said. “As organisations outsource to the cloud, they need to make sure the cloud provider they select is one that's capable of dealing with DDoS attacks.”
“It's becoming a differentiator for cloud service providers to say that they not only offer cloud services, but offer cloud services with DDoS protection. As we go more and more online, downtime becomes a business cost.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.
Upcoming IT Security Events
Feb 3rd, Feb 4th, Feb 6th 2015
Join @NirZuk #PaloAltoNetworks for Breakfast (lunch in Auckland) on keeping your enterprise safe from risk. Cyber attacks continue to increase in volume and sophistication leaving traditional security practices completely ineffective.
March 3rd, March 5th, March 9th 2015
Join CSO for the day@#csoperspectives and hear from @kimzetter @LeviathanSec
3 International Keynote speakers, 36 Key IT Security Industry Speaker, 21 Exhibitors, Security Analysts and many more.. Register today
Dont miss one of the biggest IT Security events in ANZ (registration is free, but seats are limited)