NETSCOUT Arbor produces this annual report based upon a survey that specifically includes individuals within the operational security community. Survey participation continues to grow despite additional efforts to encourage recusal of respondents without direct network or security operational experience.
We are continuing the trend toward a more balanced mix of SP and EGE organizations.
Criminals demonstrating attack capabilities
Service providers represent the majority of respondents, continuing the trend toward a more balanced mix of service providers and enterprise, government and education (EGE) organizations. DDoS attacks represent the dominant threat observed by the vast majority of service providers. Infrastructure outages also continue to be a threat with over half of operators experiencing this issue.
This highlights the global challenges organizations face to build and maintain an internal security team of skilled practitioners.
NETSCOUT Arbor’s Active Threat Level Analysis System (ATLAS) gathers statistics from Arbor SP deployments around the world. There are currently more than 400 networks participating in the ATLAS initiative. Statistics are shared hourly which include DDoS attack details, along with other traffc information.
This special report section contains analysis from Arbor’s Security Engineering & Response Team (ASERT).
The year 2017 was one in which IoT bots became the preferred weapon of choice for launching DDoS attacks. The number of unsecured internet of things (IoT) devices that are connected to the internet every day continues to increase dramatically.
As the number of IoT devices increases, so do the security vulnerabilities. Attackers have invented new ways to detect, infect and compromise IoT devices, even those thought to be secure behind corporate firewalls.
IHS Markit predicts the number of IoT devices will rise.
In 2017, there were two highly visible cases of more advanced attacks requiring the use of professional malware arms dealers.
Looking at the number of DDoS incidents, and the appearances of new IoT malware in the 2016–2017 time frame, it becomes apparent that the attacker/incident economy is of cyclical nature.
Enterprise, Government + Education organizations faced an increasingly active and complex threat environment this year. Attackers focused on complexity, leveraging weaponization of IoT devices while shifting away from reliance on massive attack volume to achieve their goals. The results of the WISR survey, together with our ATLAS data, demonstrate why an integrated multi-layer defense from the data center to the cloud is required.
The smaller security teams may be as a result of the reliance on outsourcing for SOC capabilities.
Global DNS infrastructure provides the critical function of mapping the seemingly random sets of numbers in IP addresses (like 22.214.171.124) to a human-readable name that an internet consumer may recognize (like www.myfavoritestore.com). To scale to a global level, the DNS system was designed as a multi-level reference network that would allow any user on the internet to query a set of servers that will iteratively find where a specific domain is owned and get the name to IP address mapping from that location. This system based on trusting the legitimacy of these requests that this year’s WISR report demonstrates why DDoS attacks continue to be a major threat to the availability of the DNS network.
Slightly down from 74 percent in 2016, but in line with 2015.
Operating a DNS infrastructure is more common in North America and Europe than in Latin America, the Middle East, Africa, or Asia Pacific Regions.
DDoS attacks against DNS Infrastructure that led to a publicly visible service outage:
This is disappointing considering the criticality of DNS to these organizations.
The Worldwide Infrastructure Security Report is designed to help network operators understand the breadth of the threats that they face, gain insight into what their peers are doing to address these threats, and comprehend both new and continuing trends. We hope that you fnd the information useful in protecting your business for the coming year.
To download the full report, please complete/submit this form.