DDoS Attacks Against Datacenters On The Rise, Report Says
February 06, 2014
Despite widespread efforts to curtail them, distributed denial-of-service attacks continue to stake their place among the greatest threats enterprises face today.
The likely reason? DDoS attackers -- who increasingly have extortion as their objective -- continue to evolve their strategies, seemingly staying one step ahead of information security teams.
According to Arbor Networks' ninth annual Worldwide Infrastructure Security Report, companies surveyed by the security company ranked DDoS attacks against infrastructure as their top concern for 2014.
In fact, numerous parts of the infrastructure already have become favored targets, according to the 220 network and security professionals who were surveyed. And in general, those respondents all but admitted to being one step behind the perpetrators in most cases.
For example, 70% of those who operate datacenters reported having experienced DDoS attacks between November of 2012 and October 2013, up from less than 50% a year earlier. What's more, the frequency of those attacks -- which, naturally, are a growing cause of datacenter outages -- is on the rise, with more than 10% of those datacenter operators claiming to have been attacked more than 100 times a month.
Yet they continue to rely on firewalls, as well as intrusion detection and prevention devices, to thwart DDoS attacks, even though many survey respondents said NetFlow analyzers, Simple Network Management Protocol tools and in-house developed scripts are more effective.
On the mobile front, more than one-fourth of respondents who offer mobile services reported having experienced DDoS attacks on their mobile infrastructures, more than double the portion of the previous year. And while the number of respondents with BYOD policies that allow employees to use personal devices on internal networks continues to grow, more than half said they have no solution in place to identify those devices.
Perhaps the most disturbing disconnect: More than one-third of respondents said they've experienced DDoS attacks on their domain name system infrastructures, and yet the percentage who said there are no groups within their organizations that are formally responsible for DNS security actually rose to 26%, up from 19% a year earlier.
And it's not just that DDoS attacks are more frequent; they're also packing more punch, Eric Hanselman, chief analyst at 451 Research, said via email.
"Attackers are dramatically increasing the firepower at their disposal, as well," Hanselman said. "With the ability to unleash over 100Gbps of attack traffic, even the largest enterprises and service providers have had to increase their investments in DDoS protection."
To that point, multiple respondents to the Arbor survey said they'd been victimized by DDoS attacks above that 100Gbps threshold.
There are some glimmers of hope, however. For instance, less than one-fifth of respondents reported any DDoS attacks targeting cloud services. And once DDoS attacks occur, respondents are doing a better job of sniffing them out, as 60% now say they're able to mitigate attacks within 20 minutes.
But there's no sugarcoating the reality that there is significant room for improvement. The way Hanselman sees it, that improvement starts with realizing that DDoS attacks are a when, not an if.
"Enterprises have to move from thinking of DDoS as a possibility, to treating it as an eventuality," he said. "DDoS mitigation plans have to be made part of business continuity planning, just like storms, power outages, and backhoes."