If 2020 taught the world anything, it was that network connectivity is vital to nearly everything we do. For most businesses, being able to work remotely was a lifesaver, while a world under quarantine turned to network connectivity for streaming entertainment and video conference calling. That vital importance naturally attracted the attention of malicious actors, who always want the things most important to network operators. As a result, service providers had to manage enormous spikes in legitimate network traffic such as streaming video, video conference calls, and gaming while simultaneously defending a commensurate increase in DDoS attacks targeting critical network infrastructure and services. According to NETSCOUT’s 16th annual Worldwide Infrastructure Security Report (WISR), 41 percent of service providers were concerned with bandwidth saturation increases from pandemic-staple, over-the-top (OTT) services that became staples of the COVID-19 pandemic, such as streaming video, conference calls, and gaming.
With bandwidth already stretched to the limit, increases in bandwidth-gobbling distributed-denial-of-service (DDoS) attacks this past year proved to be a severe challenge for providers. WISR, which offers insights from a global survey of network, security, and IT decision-makers across service provider organizations, found 71 percent of providers viewed DDoS attacks targeting critical network infrastructure and services as their top threat in 2020.
Beyond the sheer volume of DDoS attacks, service providers also have also faced increasingly complex attacks. All of this is attributable to Internet of Things (IoT) botnets, reflection/amplification techniques, and easy-to-use DDoS-for-hire services, which have made attacks more distributed, complex, and potent than ever. This trend was validated by WISR with 57 percent of respondents reporting multivector attacks in 2020.
Attacks Coming from Within and Without
Although inbound DDoS attacks on publicly exposed service infrastructure continues to be a top security priority for service providers, WISR found that 31 percent of respondents were also concerned about an increase in outbound/cross-bound attacks from on-net customers and devices. Cloud services also are presenting new platforms for attacks. The WISR revealed that nearly 40 percent of service providers saw DDoS attacks emanating from inside and outside public cloud services, while nearly three quarters of service providers witnessed botnet traffic originating from both within and outside of their networks.
Mobile devices increasingly are being used to launch attacks on infrastructure, services, and/or customers. The WISR revealed that approximately 25 percent of service providers were being attacked by mobile devices. And making matters worse, nearly half of providers lacked the visibility to tell whether or not mobile devices were being used as the source of attacks. With more than 50 percent of all internet traffic now originating on mobile devices, this lack of visibility presents a serious problem.
Growing Demand for Managed Security Services
As DDoS attacks strike a wider range of targets—partially fueled by easy access to increasingly sophisticated attack tools available as for-hire services—demand for managed security services (MSSPs) has been on the rise. According to WISR data, MSSPs experienced an increase of 69 percent in enterprise demand in 2020, with more than 50 percent reporting increased business from government, cloud/hosting providers, and financial services customers. Meanwhile, 40 percent of MSSPs have seen increased interest from education, ecommerce, and ISPs, while more than 20 percent reported requests from healthcare, media and entertainment, and retail.
Another interesting trend is the rise in the number of MSSPs offering third-party DDoS mitigation services to their customers. The number of MSSPs offering multiple tiers of DDoS protection services have more than tripled year-over-year.
Fighting Back with Threat Detection Tools
Threat detection tools offer an effective means for neutralizing the threat of DDoS attacks. The WISR revealed that NetFlow-based analyzers were the preferred method, followed by next-generation firewalls, and then by inline DDoS solutions. As many organizations deploy a wide array of threat detection tools, the resulting high number of alerts has made the use of security information and event management (SIEM) platforms all the more important.
Read the full report
Challenges to Defending Against DDoS Attacks in the Age of Digital Transformation