NETSCOUT's 14th Annual Worldwide Infrastructure Security Report (WISR) delivers insights from a global survey of network, security, and IT decision makers across enterprise and service provider organizations. Its focus is on the operational challenges they face daily from network-based threats and the strategies adopted to address and mitigate them.
This year, the survey is further enhanced by regional breakdowns of the enterprise respondents. Attack types, targets, techniques, motivations, impacts, and costs are all broken out for US and Canada, Brazil, UK, Germany, France, and Japan. These regional insights from survey respondents are further enhanced, and often validated, by global attack data from NETSCOUT’s ATLAS® infrastructure, which delivers visibility into one-third of all internet traffic.
There are new trends emerging that we expect will be with us for several years to come. The reason is quite simple and comes down to something very basic: human nature. As we place growing importance on the delivery of cloud-based services, it should come as no surprise that attackers are increasingly targeting these services with attacks. If it’s important to you (network operators), it’s important to them (attackers).
For the first time ever, a DDoS attack topped 1 Tbps in size. A few days later, a 1.7 Tbps attack was recorded. We've officially entered the terabit attack era.
Important elements of digital transformation strategies are now under attack. In 2018, there was a threefold increase in the number of attacks.
Indicated their organization experienced an attack by a malicious insider in 2018.
reported that their firewall and/or IPS contributed to an outage during a DDoS attack
The cost of downtime associated with internet service outages caused by DDoS attacks in 2018.
While the total number of DDoS attacks declined 4% globally, we saw a dramatic and persistent increase in DDoS attack size and complexity.
For enterprises that experienced a DDoS attack:
said that one or more completely saturated their internet bandwidth
experienced a multi-vector DDoS attack
For 14 years, one thing has been clear: service providers have had to bear the brunt of DDoS attacks and have taken the lead in DDoS defense. When the Worldwide Infrastructure Security Report (WISR) was launched 14 years ago, 10 Gbps attacks made headlines and took networks down. Today, attacks forty times that size are routinely mitigated with little to no disruption to online services.
DDoS has long been a tool for online protests, thanks to the combination of increasingly sophisticated for-hire DDoS attack services and free attack tools that enable anyone with basic online skills to launch an attack.
As political instability increases around the world, expect DDoS to continue to be used as a form of protest.
If it’s important to you, it’s important to them. As service providers place growing importance on the delivery of cloud-based services to enterprises and consumers, it should come as no surprise that attackers are increasingly targeting these services with DDoS attacks.
For the past three years, we have seen service providers increasingly turn to third-party (outsourced) and third-party augmented (hybrid) SOC capabilities.
This highlights once again the global challenges organizations face in building and maintaining an internal security team of skilled practitioners, and their reliance on outsourcing to address the issue.
Enterprises reported a host of challenges this year, from ransomware to extortion to DDoS attacks as well as ongoing staffing and operational challenges. Evident in this year’s findings is the ongoing game of whack-a-mole between defenders and attackers.
As enterprise organizations invested in cloud-based DDoS mitigation service in recent years, attackers shifted their attention to stateful infrastructure.
The increasing use of encrypted traffic was reflected in the growing rate of attacks targeting it.
experienced encrypted traffic attacks in 2018, nearly twice the percentage of the previous year
We found a near-universal desire to simplify operational security processes, with the top priority being component and workflow integration.
This year, we dug into our enterprise survey data for highlights from six countries. Attack types, targets, techniques, motivations, impacts, and costs are all broken out for US and Canada, Brazil, UK, Germany, France, and Japan.
Infrastructure
Customer-Facing Service/Applications
SaaS Services
cited hiring and retaining skilled employees as a major challenge.
Germany
Japan
NETSCOUT Arbor’s Active Threat Level Analysis System (ATLAS®) delivers a truly comprehensive view into internet traffic, trends and threats. With visibility into one-third of all internet traffic, we are ideally positioned to deliver actionable intelligence about botnets, DDoS attacks and malware that threaten internet infrastructure and network availability.
The number of DDoS attacks was down 4%
Million Attacks
Despite that sliver of good news, that equals:
with 2.3 million attacks
also with 2.3 million attacks
Attack Size
The dramatic increase in DDoS attack size was consistent throughout the year.
Attack Frequency
Looking at the largest DDoS attacks each month and taking their average size, they were 45% larger in 2018 than in 2017.
Latin America, along with Asia Pacific, was the only other region to see a rise in DDoS attack frequency.
Rise in DDoS attack frequency
DDoS attacks per month
NETSCOUT’s Worldwide Infrastructure Security Report delivers direct insights into what your peers are doing to address today’s most pressing security and operational challenges. We hope that you find the information useful in protecting your business in the coming year.