The security division of NETSCOUT has released its 13th Annual Worldwide Infrastructure Security Report (WISR) that offers direct insights into the most critical security challenges facing today’s network operators.
The report from Arbor Networks covers a variety of topics, from attack trends to SDN/NFV and IPv6 adoption, to key organisational issues such as incident response training and staffing challenges.
One finding which illustrates the increasingly complex environment is the rise in multi-vector attacks that simultaneously target bandwidth, applications and stateful infrastructure, experienced by 48%, up from 40%.
These attacks challenge defences as well as security teams and processes.
The report shows that the frequency and complexity of distributed denial of service (DDoS) attacks are rising and that defenders are turning to automation and managed services for support.
The proliferation of Internet of Things (IoT) devices across networks simultaneously brings enormous potential benefits to businesses and consumers, but also vulnerability because attackers are able to weaponise them due to security vulnerabilities.
“Attackers focused on complexity this year, leveraging weaponisation of IoT devices while shifting away from reliance on massive attack volume to achieve their goals,” said Darren Anstee, Chief Technology Officer at NETSCOUT Arbor.“They have been effective and the proportion of enterprises experiencing revenue loss due to DDoS nearly doubled this year, emphasising the significance of the DDoS threat.
“The results of the WISR, together with our ATLAS data, demonstrate why an integrated multi-layer defence from the data centre to the cloud is required.”
Bryan Hamman, Arbor Network’s Territory Manager for Sub-Saharan Africa, added that South Africa was within the top 10 of countries targeted by DDoS attacks for both the 2018 and 2017 Arbor WISR reports.
“While it is true that mapping DDoS source/destination IP addresses to geographical locations can be challenging due to factors such as source address spoofing by attackers, there is still no question that South Africa is on the radar for DDoS attacks and as such our business arena cannot afford to be complacent,” he said.
“This latest report shows some interesting developments.
“For example, while the number of very large attacks decreased in 2017 compared to 2016, the number of attacks between 2Gps and 5Gps is growing steadily.
“The report notes that this could also be an indication of attacker innovation, as new attack vectors are developed, such as the Mirai botnet’s ability to launch application-layer as well as volumetric attacks.”
The largest DDoS attack reported by a service provider was 600 Gbps, down from 800 Gbps the previous year, while peak attack sizes and the frequency of very large attacks decreased.
Key findings of the report
- Fifty seven percent of enterprises and 45% of data centre operators saw their Internet bandwidth saturated due to DDoS attacks
- There were 7.5 million DDoS attacks in 2017, according to data from NETSCOUT Arbor’s Active Threat Level Analysis System (ATLAS) infrastructure, which covers about one third of global internet traffic. Of these attacks, service provider respondents experienced more volumetric attacks, while enterprises reported a 30% increase in stealthy application-layer attacks
- Fifty nine percent of service providers and 48% of enterprises experienced multi-vector attacks, a 20% increase from last year. Multi-vector attacks combine high volume floods, application-layer attacks and TCP-state exhaustion attacks in a single sustained offensive, increasing mitigation complexity and attackers’ chances for success.
Negative consequences
As a result, the report notes that successful DDoS attacks are having greater operational and financial impact.
- Fifty seven percent cited reputation/brand damage as their main business impact, with operational expenses second
- Fifty six percent experienced a financial impact of between US$10,000 and US$100,000, almost double the proportion from 2016
- Forty eight percent of data centre operators said customer churn was a key concern following a successful attack
Defences
The report notes that network and security teams are challenged by an active and complex threat landscape, as well as persistent staffing issues.
- Eighty eight percent of service providers use intelligent DDoS mitigation solutions and 36% use technology that automates DDoS mitigation. Increased investment in specialised tools automation is driven by the sheer number of attacks faced in service provider networks
- Attack frequency is also driving demand for managed security services. Thirty eight percent of enterprises relied on third-party and outsourced services, a jump from 28% the previous year. Only 50% carried out defensive drills and the proportion of respondents carrying out drills at least every quarter fell 20%.
- Fifty four percent of enterprises and 48% of service providers have difficulty hiring and retaining skilled personnel
The data in the report was collected by NETSCOUT Arbor through a survey conducted in October 2017 and is based on survey data accumulated from those who are directly involved in day-to-day operational security, with the continuing core goal of providing real insight into infrastructure security from an operational perspective.
Nearly two-thirds of all respondents are security, network or operations professionals. Security professionals have the highest representation at 32%.
The document highlights key industry trends and threats facing network operators, along with the strategies used to mitigate them.
The survey garnered wide participation from all across the world.
“The report is critical reading for network operators,” added Hamman.
“It outlines the challenges ahead for those involved in day-to-day security operations, how your network infrastructure may be negatively affected by the rapidly changing threat landscape, and what your peers are doing to address the threats.”