According to Arbor Networks’ 8th Annual Worldwide Infrastructure Security Report (WISR), advanced persistent threats (APTs) are top of mind; distributed denial of service (DDoS) attacks have plateaued in size but become more complex; data center and cloud services are especially attractive targets; and mobile operators continue to be reactive in terms of network visibility.
The report also found that mobile is one of the largest unsecured areas of infrastructure: 60% of mobile carriers do not have visibility into the traffic on their mobile/evolved packet cores (used in advanced 4G deployments).
“There has been limited improvement in visibility or investment in detection and mitigation solutions specific to the mobile network since the last survey,” Arbor said. “The economics of consumer subscriber networks do not incent providers to implement security until a problem occurs.”
Overall, the primary threats mean different things depending on the infrastructure area, the company noted. “Sixty-four percent of survey participants said, ’DDoS is the most significant operational security issue we face today,’” the company wrote in its blog. “The majority of respondents put fast-spreading worms in second place and domain name system (DNS) vulnerabilities, e.g. DNS poisoning, as a close third.”
It added, "DDoS attacks represent the top four concerns, the same result as last year, with attacks against customers being the top concern."
When it comes to DDoS, 46% of respondents reported multi-vector attacks: concerning because they tend to be the most difficult to defend against and require layered defenses for successful mitigation. However, the attacks aren’t getting larger – the largest attack reported in 2012 was 60 Gbps, the same as in 2011; in 2010 the attack peak was 100 Gbps.
“This year’s results confirm that application-layer and multi-vector attacks are continuing to evolve while volumetric attacks are starting to plateau in terms of size,” said Arbor. “While 86% reported application-layer attacks targeting web services, most concerning is that multi-vector attacks are up markedly. Attackers have now turned to sophisticated, long-lived, multi-vector attacks – combinations of attack vectors designed to cut through the defenses an organization has in place – to achieve their goals.”
About 27% experienced customer-impacting DDoS attacks on their DNS infrastructure – a significant increase over the 12% of respondents from the 2011 survey.
When it comes to DNS infrastructure overall, 71% of respondents reported good visibility at Layers 3 and 4, but only 27% reported Layer 7 visibility. This lack of visibility coupled with a lack of dedicated security personnel adds up to a perfect storm for exploits.
Meanwhile, IPv6 deployments are becoming pervasive, Arbor found. A full 80% of CSPs indicated that they either have already deployed IPv6 or have plans to deploy within the next 12 months. In 2011, the first reports of IPv6 DDoS attacks on production networks came to light, but IPv6 security incidents were still relatively rare.
“Considering that 75% of survey respondents are service providers, it’s no great surprise that IPv6 deployments are accelerating today,” Arbor said. “This opens new opportunities for attackers to bypass network controls by switching between IPv4 and IPv6 networks.”
Arbor found that advanced threats are a well-established problem for enterprise-focused network operators. This year’s survey found an increased level of concern over botnets on provider networks thanks to the sheer variety in the pathology for these, their rate of evolution and the consequent inability of intrusion detection systems (IDS) and anti-virus (AV) systems to fully protect them. Looking ahead, there is even more concern about APT, industrial espionage, data exfiltration and malicious insiders, the survey uncovered.
Meanwhile, unsurprisingly, data centers and cloud services are increasingly victimized: 94% of data center operators reported attacks, while 90% of those reported operational expenses as a business impact. As more companies move their services to the cloud, they now have to be wary of the shared risks and the potential for collateral damage, Arbor warned.
This correlates directly to the types of companies being targeted by attackers, with e-commerce and online gaming sites increasingly targeted, according to the survey results.