Cloud in the Crosshairs

NETSCOUT’s 14th Worldwide Infrastructure Security Report found that SaaS, cloud services, and political targets drew increased attacker attention in 2018.

Network Security Infrastructure Report
Carol Hildebrand

When the Worldwide Infrastructure Security Report (WISR) was launched 14 years ago, 10 Gbps attacks made headlines and took networks down. Today, attacks forty times that size are routinely mitigated with little to no disruption to online services. Indeed, that is good news.

But think about that for a minute: 400 Gbps attacks are now a matter of routine.

The size of DDoS attacks is growing at an alarming pace all around the world, with significant implications for networks operators of all sizes, from global service providers to emerging enterprises. This year, the survey is further enhanced by regional breakdowns of the enterprise respondents. Attack types, targets, techniques, motivations, impacts, and costs are all broken out for US and Canada, Brazil, UK, Germany, France, and Japan. These regional insights from survey respondents are enriched, and frequently validated, by global attack data from NETSCOUT’s ATLAS® infrastructure, which delivers visibility into one-third of all internet traffic.

Key Findings:

Cloud in the Crosshairs

As enterprise organizations invested in cloud-based DDoS mitigation services, attackers shifted to focus on stateful infrastructures. In 2018, attacks targeting firewalls and IPS devices almost doubled, from 16 percent in 2017 to 31 percent. Important elements of digital transformation strategies are now under attack. In 2018, there was a threefold increase in the number of attacks against SaaS services, from 13 percent in 2017 to 41 percent in 2018. We also saw a significant jump in attacks against third-party data centers and cloud services, from 11 percent to 34 percent.

Attackers Take on the Public Sector

Perhaps we should not be surprised given the highly charged political environment in the U.S. and in many places around the world, but 2018 saw a significant change in the customer sectors most often targeted. In past years, financial services, e-commerce, and gaming customers were at the top of the list. In 2018, it was government customers at 60 percent, up significantly from 37 percent in 2017.

Terabit Attacks

For the first time ever, a DDoS attack topped 1 Tbps in size. A few days later, a 1.7 Tbps attack was recorded. We’ve officially entered the Terabit Attack Era. Indeed, we saw a dramatic and persistent increase in DDoS attack size and complexity, as the global max attack size increased 273 percent. This year, 91 percent of enterprises who experienced a DDoS attack indicated that one or more of the attacks completely saturated their internet bandwidth.

High Cost of Downtime

For 2018, the cost of downtime associated with internet service outages caused by DDoS attacks was $221,836.80. Germany had the highest downtime costs, at $351,995. Meanwhile, Japan paid the least for downtime, at $123,026.

Inside Threats

Companies again faced risk from inside the firewall—indeed, even from the firewall itself. Forty-three percent reported that their firewall and/or IPS contributed to an outage during a DDoS attack. Malicious insiders also posed a threat, as more than a quarter of respondents indicated their organization experienced an attack by a malicious insider in 2018. France had the highest number at 37.5 percent, while Japan was lowest at 13.8 percent.


NETSCOUT Arbor’s 14th Annual Worldwide Infrastructure Security Report (WISR) delivers insights from a global survey of network, security, and IT decision makers across enterprise and service provider organizations. Its focus is on the operational challenges they face daily from network-based threats, as well as the strategies adopted to address and mitigate them. The survey arms you with insights to develop and implement a DDoS and infrastructure security and network protection plan.

Get the survey results here.