Internet of Things (IoT) devices have been and will continue to be frequently compromised as long as manufacturers don’t think of security when designing the products.
That idea shows as bad guys are continuing to use compromised Internet of Things (IoT) devices to launch distributed denial of service (DDoS) attacks, which helped them increase the complexity of their assaults, researchers said.
Attackers focused on increasing complexity in 2017, and the exploitation of IoT devices helped them achieve this goal, according to NETSCOUT’s Arbor Networks’ 13th Annual Worldwide Infrastructure Security Report (WISR). The frequency of attacks has increased as well, following a trend seen for the past several years.
The report is based on 390 responses received from a mix of Tier 1, Tier 2 and Tier 3 service providers, hosting, mobile, enterprise and other types of network operators globally. More than half of respondents operate in North America.
Last year, 57 percent of enterprise, government and education (EGE) respondents and 45 percent of data center operators had their network resources depleted due to DDoS attacks. Arbor observed 7.5 million DDoS attacks in 2017.
The largest attack reported by a service provider peaked at 600 Gigabits per second (Gbps), with only one quarter of respondents observing attacks that peaked at over 100Gbps. While the number of very large incidents decreased, however, attackers used more metered attack volumes to achieve their goals, the report reads.
Attack durations surged last year, with 29 percent of service providers saying they experienced attacks of over 12 hours. 45 percent of respondents said they experienced more than 21 attacks per month, while 17 percent were hit more than 500 times per month.
Service providers reported more volumetric attacks, while enterprises noticed a 30 percent increase in stealthy application-layer attacks. Multi-vector attacks hit 59 percent of service providers and 48 percent of enterprises, combining high volume floods, application-layer attacks, and TCP-state exhaustion assaults in a single sustained offensive.
The number of enterprises experiencing stealthy application-layer attacks increased 30 percent last year. 73 percent of the attacks targeted HTTP, 69 percent targeted DNS, and 68 percent targeted HTTPS. The number of assaults targeting encryption servers went up as well, with 53 percent of detected attacks aimed at the application layer and 42 percent of them targeting the SSL/TLS protocol.
Organizations appear to better understand the need for defenses and 77 percent of responding enterprises said DDoS was either a part of their business or their IT risk assessments in 2017.
DDoS attacks had various but more severe consequences, ranging from reputation/brand damage (57 percent of respondents) and concerns of customer churn (48 percent of respondents). The financial impact of DDoS attacks was double compared to 2016, as 56 percent of respondents admitted to losses of between $10,000 and $100,000.
The increase in threat landscape’s complexity challenged network and security teams. 88 percent of service providers said they use Intelligent DDoS Mitigation Solutions, while 36 percent revealed they employ technology that automates DDoS mitigation.
Demand for managed security services is increasing as well, driven by a surge in attack frequency, and 38 percent of enterprises revealed they rely on third-party and outsourced services (up from 28 percent the previous year). However, only 50 percent of respondents said they carried out defensive drills.
“Attackers focused on complexity this year, leveraging weaponization of IoT devices while shifting away from reliance on massive attack volume to achieve their goals,” said Darren Anstee, NETSCOUT Arbor chief technology officer. “Attackers have been effective, and the proportion of enterprises experiencing revenue loss due to DDoS nearly doubled this year, emphasizing the significance of the DDoS threat.”
Click here to download a graphical version of the report.