Sophisticated Network Attacks on Rise

by CXOtoday Staff    Nov 14, 2008

ISPs at present are waging a multi-faceted battle as they face increased cost and revenue pressure, along with multi-threaded attacks that are growing alarmingly in size, frequency and sophistication, said a recently released report on worldwide infrastructure security.

In addition to attacks against network infrastructure, smaller and more sophisticated attacks including service-level and application-targeted attacks, DNS poisoning, and route hijacking have also risen, said the report commissioned by Arbor Networks. They are more difficult to manage than larger forceful attacks and can cause a serious disruption in network service.

Detection of application-layer attacks is more difficult, and providers need deep insight into IP services and applications to identify and mitigate such attacks. “To ensure the highest level of customer satisfaction, ISPs need to detect and surgically remove only the attack traffic while maintaining legitimate business traffic,” said Danny McPherson, chief security officer for Arbor Networks.

Distributed denial of service (DDoS) attacks, which make a network unavailable to its intended users, were as large as 40 gigabits last year. The largest sustained attacks reported in the last two years were 24 Gbps and 17 Gbps, respectively, representing a 67% increase in attack scale over last year and a 100-fold increase since 2001, says the report. Furthermore, 36% of survey respondents last year reported observing sustained attacks larger than one Gbps, and the number of respondents observing attacks of one gigabit per second or larger also nearly doubled this year.

“The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and infrastructure investment and, while most ISPs now have the infrastructure to detect bandwidth flood attacks, many still lack the infrastructure and ability to quickly mitigate these attacks,” said McPherson.

Botnets (26%) continue to be the primary vehicle for delivering the largest problems to network operations and security engineers, followed closely by DNS cache poisoning (23%) and BGP route hijacking (15%).

55% of respondents said the scale and frequency of security threats for IPv6 will increase as it becomes more widely deployed, while only 8% of respondents believe threats will decrease with improved IPv6 deployment. And although VoIP continues to be a rising attack vector for miscreants, providers are underprepared to protect their VoIP infrastructure from attack, the study said. Only 21% of respondents indicated that they had tools in place to detect threats against VoIP infrastructure or services.

“Many organizations generate most or all of their revenue from Web or other network service transactions, and their Internet ‘presence’ is critical to their fiscal well-being. Therefore, many organizations now consider subscribing to MSS as an everyday cost of doing business on the Internet, and budget for these services just as they would disaster recovery, data backups, and traditional network redundancy,” said Rob Malan, co-founder and CTO of Arbor Networks.
