DDoS targets look to outside help as attacks target cloud, distract from data theft
- 27 January, 2016 11:34
Multi-vector attacks became more prevalent over the last year as more than half of data-centre operators were hit by distributed denial of service (DDoS) attacks that exhausted their bandwidth, according to an Arbor Networks survey that found disruption of business processes had joined loss of personal information as the top business security concerns.
The 2016 Arbor Networks Worldwide Infrastructure Security Report found strong growth in the prevalence of advanced persistent threats (APTs), which were reported by 23 percent of service-provider respondents – up from 18 percent the year before.
Malicious insiders were also becoming more common, with reports suggesting they were to blame in 17 percent of attacks versus 12 percent last year. And cloud services were rapidly becoming DDoS victims, comprising 33 percent of attacks – up from 29 percent last year and 19 percent in 2013.
“A constantly evolving threat environment is an accepted fact of life for survey respondents,” Arbor Networks chief security technologist Darren Anstee said in a statement. “The findings underscore that technology is only part of the true story since security is a human endeavour and there are skilled adversaries on both sides.”
There were signs that organisations were improving their security response, however: 75 percent said they had undergone incident response planning – up from 68 percent last year – and 85 percent said they now have formal breach notification processes in place.
This included 42 percent who had engaged the support of an IT forensic expert or other specialist IT provider – mirroring an overall trend to look outside the organisation for skills and support. This year 57 percent of respondents (up from 45 percent last year) said they were looking for solutions to speed up the incident response process – with automated threat detection tools the most popular approach – and 38 percent (down from 46 percent) were looking to increase internal resources to improve incident preparedness.
Some 17 percent were involved with regulators and 13 percent with specialist legal advisers. And while 22 percent said they had a “well resourced” team for incident handling, 11 percent had no dedicated resources and 53 percent said they had “limited resources” for dealing with security incidents.
Efforts to bolster incident response – which can often become a protracted cat-and-mouse game for security specialists – were matched by a surge in DDoS severity, with the largest reported attack reaching 500Gbps. Attacks of 450Gbps, 425Gbps and 337Gbps were also reported, as were five attacks over 200Gbps.
Indeed, nearly one-quarter of the respondents to the Arbor survey – representing 223 attacks in total – reported peak attacks over 100Gbps – a volume that would have set DDoS records just a few years ago.
Application-layer attacks were seen by 93 percent of respondents, up from 90 percent in 2014 and 86 percent in 2013. DNS (used in 84 percent of attacks) and NTP (77 percent) were by far the most commonly exploited DDoS reflection attack vectors, with more than 55,000 NTP attacks in September and October 2015 alone.
Some 26 percent of DDoS attacks were used as a distraction to divert attention from contemporaneous malware infiltration or data exfiltration, the Arbor survey found. Other attacker motivations included criminals demonstrating DDoS capabilities (42 percent), criminal extortion (35 percent), competition between business organisations (23 percent), and financial market manipulation (19 percent).
Australian businesses have particularly suffered from recent growth in DDoS attacks, with Arbor last year finding that attacks on Australian targets were twice as hard as the regional average – and that better access to broadband was turning Australia into a source of DDoS attacks as well.