This is the classic good-news, bad-news scenario: the good news is that distributed denial-of-service (DDoS) attacks seem to be at a plateau; the bad news is that multi-vector attacks are on the rise, a new study said.
The largest attack reported in the study was 60 Gbps, the same as in 2011, and 46 percent reported multi-vector attacks, according to Arbor Networks' 8th Annual Worldwide Infrastructure Security Report (WISR).
This year's results found that application-layer and multi-vector attacks are continuing to evolve while volumetric attacks are starting to max out in terms of size. While 86 percent reported application-layer attacks targeting Web services, most concerning is that multi-vector attacks are up markedly, the report said.
Attackers have now turned to sophisticated, long-lived, multi-vector attacks – combinations of attack vectors designed to cut through the defenses an organization has in place – to achieve their goals. Multi-vector attacks are the most difficult to defend against and require layered defenses for successful mitigation. This year’s report includes a case study on the ongoing attacks against U.S. financial services organizations, a great example of a multi-vector attack.
Other findings in the report include:
Advanced persistent threats (APTs) remain a top concern for service providers and enterprises. APTs are a well-established problem for enterprise network operators. This year's survey found an increased level of concern over "botted" or compromised machines on provider networks. The increase in botted hosts is not surprising given the number and complexity of malware variants that exist, their rate of evolution and the consequent inability of intrusion detection systems (IDS) and antivirus (AV) systems to fully protect those hosts. Looking ahead, there is even more concern about APTs, industrial espionage, data exfiltration and malicious insiders.
Data centers and cloud services increasingly becoming victims. Ninety-four percent of data center operators reported attacks, and 90 percent of those reported operational expenses as a business impact.
As more companies move their services to the cloud, they now have to be wary of the shared risks and the potential for collateral damage. This correlates directly to the types of companies targeted by attackers, with e-commerce and online gaming sites increasingly targeted.
Mobile providers continue to be reactive. The study said 60 percent do not have visibility into the traffic on their mobile/evolved packet cores.
There has been limited improvement in visibility or investment in detection and mitigation solutions specific to the mobile network since the last survey. The economics of consumer subscriber networks do not motivate providers to implement security until a problem occurs.
The number of mobile devices, along with the sophistication and power of these devices, continues to increase year over year. It is only a matter of time before botnets and DDoS become more prevalent within mobile infrastructure.
BYOD trend creates new challenges. Companies (63 percent) allow BYOD devices on the network; however, only 40 percent have the means to monitor those devices. Additionally, only 13 percent actively block access to social media applications and sites. Clearly, BYOD is creating more entry points for hackers to enter the network.