History Doesn’t Repeat Itself but it Often Rhymes

Since 2005, DDoS attack size has grown 7,900%

Kevin Whalen

Mark TwainTaking a look back to the very first Worldwide Infrastructure Security Report (WISR) twelve years ago and of course, many things are vastly different. One thing is clear. Things are more complex today, from the attacks to the infrastructure, and that benefits attackers.

According to WISR respondents, since 2005, DDoS attack size has grown 7,900%, for a compound annual growth rate (CAGR) of 44%. In 2005, the vast majority of attacks were basic floods. Today, multi-vector attacks are common, targeting connection bandwidth, applications and infrastructure in a single sustained attack. The big issue of the day in 2005 was Worms, a word that does not appear in the current report. Instead, it is IoT botnets that are a top of mind concern for network operators.

Beyond the threats, the infrastructure is more complex too. Since 2005, mobility and cloud computing have emerged and fundamentally changed everything. In attempting to deal with this complexity, some positive trends have emerged. One difference is in the quality of the tools defenders are using to protect their networks. We’re seeing increasing use of purpose built Intelligent DDoS Mitigation Systems, and less use of firewalls and IPS for DDOS protection, for example. We’re also seeing more focus on incident response practice, all positive developments.

Here’s a quick look why Mark Twain was such a genius,

  2005 Worldwide Infrastructure Security Report 2017 Worldwide Infrastructure Security Report
Length 13 pages 104 pages
Respondents 36 356
Most Popular Attack Type 90% of the respondents named “brute force” attacks involving TCP SYN and UDP Floods as the most common attack vectors. A very small number of application layer attacks were observed. 95% of service providers experienced application-layer attacks this year.
Attack Complexity Although only a handful of providers described seeing attacks more complex than basic flooding, the few attacks encountered posed a greater operational challenge. Sixty-seven percent of service providers experienced multi-vector attacks on their networks.
Most Common DDoS Defense Access Control Lists (ACLs)—also known as packet filters, and Border Gateway Protocol (BGP) destination-based blackhole routing remain the primary DDoS mitigation mechanism. 83 percent are using intelligent DDoS mitigation systems (IDMS) to mitigate DDoS attacks.
Network Congestion From a network infrastructure perspective, operators say, “The primary threat from worms is not their payloads, but the network congestion they cause.” More than 60 percent saw attacks totally saturate data center bandwidth.
Resources Organizational and staffing issues are major barriers to implementing effective defenses against network attacks. Only 87% of service provider respondents have at least some dedicated security personnel this year — a significant drop from 95 percent last year.
Prediction Application-layer attacks will increase as tools to execute these attacks become more widely available and defense techniques used to mitigate brute-force attacks lessen their impact. If current growth trends continue, the average attack size will reach nearly 1.2 Gbps by the end of 2017.
Status Nailed it! TBD


Arbor’s 12th annual Worldwide Infrastructure Security Report delivers direct insights from network and security professionals at the world’s leading service provider, cloud/hosting and enterprise organizations. The report covers a comprehensive range of issues from threat detection and incident response to managed services, staffing and budgets. Its focus is on the operational challenges internet operators face daily from network-based threats and the strategies adopted to address and mitigate them.

According to Ovum Senior Analyst Rik Turner, “The WISR is always an authoritative source of data on the state of cybersecurity. The inclusion of a special section on IoT is particularly timely, however, as it’s coming onto a lot of folks’ radar as a new vector for DDoS and other types of cyberattacks.”

DOWNLOAD your copy now to learn from history and protect your future.