Based on survey data provided by network operators from around the world, the 8th annual Worldwide Infrastructure Security Report (WISR) is designed to help network operators make more informed decisions about their security strategies as they relate to the integrity of mission-critical Internet and other IP-based infrastructure.
Key Findings:
Advanced Persistent Threats (APTs) a Top Concern for Service Providers and Enterprises
- 61 per cent named ‘botted’ or otherwise compromised hosts as top concern
- 55 per cent named Advanced Persistent Threats (APTs) as top concern
Advanced threats are a well-established problem for enterprise network operators. This year’s survey found an increased level of concern over ‘botted’ or compromised machines on provider networks. The increase in botted hosts is not surprising given the number and complexity of malware variants that exist, their rate of evolution and the consequent inability of Intrusion Detection Systems (IDS) and Anti-Virus (AV) systems to fully protect those hosts. Looking ahead, there is even more concern about APT, industrial espionage, data exfiltration and malicious insiders.
DDoS: Attack Sizes Plateau; Complex Multi-Vector Attacks on the Rise
- Largest attack reported was 60 Gbps, same as 2011; 2010 attack peak was 100 Gbps
- 46 per cent reported multi-vector attacks
This year’s results confirm that application-layer and multi-vector attacks are continuing to evolve while volumetric attacks are starting to plateau in terms of size. While 86 per cent reported application-layer attacks targeting Web services, most concerning is that multi-vector attacks are up markedly. Attackers have now turned to sophisticated, long-lived, multi-vector attacks – combinations of attack vectors designed to cut through the defences an organisation has in place – to achieve their goals. Multi-vector attacks are the most difficult to defend against and require layered defences for successful mitigation. This year’s report includes a case study on the ongoing attacks against U.S. financial services organisations, a great example of a multi-vector attack.
Data Centres and Cloud Services are Increasingly Victimised
- 94 per cent of data centre operators reported attacks
- 90 per cent of those reported operational expenses as a business impact
As more companies move their services to the cloud, they now have to be wary of the shared risks and the potential for collateral damage. This correlates directly to the types of companies being targeted by attackers, with e-commerce and online gaming sites increasingly targeted, according to survey results this year.
Mobile Providers Continue to be Reactive
- 60 per cent do not have visibility into the traffic on their mobile/evolved packet cores
There has been limited improvement in visibility or investment in detection and mitigation solutions specific to the mobile network since the last survey. The economics of consumer subscriber networks do not incentivise providers to implement security until a problem occurs.
The number of mobile devices, along with the sophistication and power of these devices, continues to increase year over year. We believe it is only a matter of time before botnets and DDoS become more prevalent within mobile infrastructure.
Bring Your Own Device (BYOD) Trend Creates New Challenges
- 63 per cent allow BYOD devices on the network
- However, only 40 per cent have the means to monitor those devices
In the growing trend commonly referred to as BYOD, half of respondents now allow personal devices on their networks. However, only 40 per cent have a means to monitor usage of these devices. Additionally, only 13 per cent actively block access to social media applications and sites. Clearly, BYOD is creating more entry-points for hackers to enter the network.
DNS Infrastructure Remains Vulnerable
- 27 per cent experienced customer-impacting DDoS attacks on their DNS infrastructure—a significant increase over the 12 per cent of respondents from last year’s survey
71 per cent of respondents reported good visibility at Layers 3 and 4 but only 27 per cent reported Layer 7 visibility. This lack of visibility, coupled with a lack of dedicated security personnel, creates an ideal environment for attackers to exploit. Attackers now have many targets from which to create reflection attacks.
IPv6 Deployments Becoming Pervasive
- 80 per cent indicated that they either have already deployed IPv6 or have plans to deploy within the next 12 months
In last year’s WISR, survey respondents acknowledged the first reports of IPv6 DDoS attacks on production networks. Even though IPv6 DDoS attacks were being reported, IPv6 security incidents were still relatively rare at that time. Considering that 75 per cent of survey respondents are Service Providers, it’s no great surprise that IPv6 deployments are accelerating today. This opens new opportunities for attackers to bypass network controls by switching between IPv4 and IPv6 networks.
Survey Scope and Demographics
- Data covers October, 2011 through September, 2012
- 130 respondents from a mixture of Tier 1, Tier 2/3, enterprise and other types of network operators from all around the world; a 14 per cent increase from last year’s respondent pool
- 64 per cent of respondents are network or security operations engineers, analysts or architects; the remainder are management or executives