Hosting providers are the end-user targets of 42 percent of all cyber attacks, according to research released Tuesday by Arbor Networks. The security company’s 11th annual Worldwide Infrastructure Security Report (WISR) revealed that DDoS attacks are increasingly coming from criminals demonstrating capabilities, rather than “hacktivists” or vandals.
Arbor compiled the report from 354 survey responses by network operators between November 2014 and November 2015, a small majority coming from service providers. While the report shows the continuation of several established trends, such as increasing attack size, it also shows several new developments in infrastructure security.
“(T)he findings from this report underscore that technology is only part of the true story since security is a human endeavor and there are skilled adversaries on both sides,” said Arbor Networks Chief Security Technologist Darren Anstee. “Thanks to the information provided by network operators worldwide, we are able to offer insights into people and process, providing a much richer and more vibrant picture into what is happening on the front lines.”
That picture includes 93 percent of respondents facing application-layer DDoS attacks, with those attacks focussing most commonly on DNS, rather than HTTP. Multi-vector attacks targeted the infrastructure of 56 percent of organizations, up from 42 percent in the year prior. DDoS attacks were most commonly motivated by “criminals demonstrating attack capabilities” for the first time, something Arbor says is typically associated with cyber extortion attempts.
A third of cloud-based services faced attacks, up from only 19 percent two years ago. Just over half of all data center operators saw their Internet connectivity saturated by DDoS attacks, and outbound attacks from servers within their networks rose from 24 percent last year to 34 percent. Firewall failures from DDoS attacks likewise increased from one-third to more than half of enterprise respondents.
Organizations are responding with better planning, as 57 percent are seeking solutions to speed up incident response processes. Over half of all service providers say their advanced persistent threat (APT) discovery-to-containment time has dropped to under a month, while one-third have reduced discovery time for APTs to less than a week.
Insider threats remain a weak point in attack preparedness, as security incidents from malicious insiders and BYOD increased significantly, and nearly 40 percent of enterprises do not have BYOD monitoring tools deployed on their network.
Organizations are attempting to combat infrastructure attacks with outside help. Respondents planning to increase internal incident preparedness and response resources actually declined from 46 to 38 percent in the past year, but 74 percent of service providers reported more demand for managed services, and 55 percent of cloud and hosting providers are interested in DDoS detection or mitigation services.
The results clearly indicate to cloud and hosting providers not just where they can focus their own security efforts, but how they can address a developing market for cloud and application-layer protection with managed service offerings.