NETSCOUT's 14th Annual Worldwide Infrastructure Security Report Cloud in the Crosshairs

Digital business initiatives like cloud, along with political targets, drew increased attacker attention in 2018.

NETSCOUT's 14th Annual Worldwide Infrastructure Security Report (WISR) delivers insights from a global survey of network, security, and IT decision makers across enterprise and service provider organizations. Its focus is on the operational challenges they face daily from network-based threats and the strategies adopted to address and mitigate them.

This year, the survey is further enhanced by regional breakdowns of the enterprise respondent. Attack types, targets, techniques, motivations, impacts, and costs are all broken out for US and Canada, Brazil, UK, Germany, France, and Japan. These regional insights from survey respondents are further enhanced, and often validated, by global attack data from NETSCOUT’s ATLAS® infrastructure, which delivers visibility into one-third of all internet traffic.

Key Findings

There are new trends emerging that we expect will be with us for several to come. The reason is quite simple and comes down to something very basic: human nature. As we place growing importance on the delivery of cloud-based services, it should come as no surprise that attackers are increasingly targeting these services with attacks. If it’s important to you (network operators), it’s important to them (attackers).

Terabit Attacks

For the first time ever, a DDoS attack topped 1 TBPS in size. A few days later, a 1.7 TBPS attack was recorded. We've officially entered the terabit attack era.

1 TBps
1.7 TBps

Digital Transformation

Important elements of digital transformation strategies are now under attack. In 2018, there was a threefold increase in the number of attacks.

Attacks against SaaS services

13%
41%

Attacks against third-party data centers + cloud services

11%
34%

Malicious Insiders

26%

Indicated their organization experienced an attack by a malicious insider in 2018.

Japan
14%
France
37%

Firewalls

Icon of fire.
43%

reported that their firewall and/or IPS contributed to outage during a DDoS attack

Cost of Downtime

The cost of downtime associated with internet service outages caused by DDoS attacks in 2018.

$221,836.80
cost per attack

Attack Size

Max Attack Size

273%

While the total number of DDoS attacks declined 4% globally, we saw a dramatic and persistent increase in DDoS attack size and complexity.

For enterprises that experienced a DDoS attack:

91%
91%

said that one or more completely saturated their internet bandwidth

36%
36%

experienced a multi-vector DDoS attack

Service Provider

For 14 years one thing has been clear: service providers have had to bear the brunt of DDoS attacks and have taken the lead in DDoS defense. When the Worldwide Infrastructure Report (WISR) was launched 14 years ago, 10 Gbps attacks made headlines and took networks down. Today, attacks forty times that size are routinely mitigated with little to no disruption to online services.

Cyber Reflections

DDoS has long been a tool for online protests, thanks to the combination of increasingly sophisticated for-hire DDoS attack services and free attack tools that enable anyone with basic online skills to launch an attack.

As political instability increases around the world, expect DDoS to continue to be used as a form of protest.

Importance

If it’s important to you, it’s important to them. As service providers place growing importance on the delivery of cloud-based services to enterprises and consumers, it should come as no surprise that attackers are increasingly targeting these services with DDoS attacks.

47% in 2018
33% in 2017
25% in 2016

Operational Challenges

3 Years

For the past three years, we have seen service providers increasingly turn to third-party (outsourced) and third-party augmented (hybrid) SOC capabilities.

This highlights once again the global challenges organizations face to build an maintain an internal security team of skilled practitioners, and their reliance on outsourcing to address the issue.

Enterprise

Enterprises reported a host of challenges this year, from ransomware to extortion to DDoS attacks as well as ongoing staffing and operational challenges. Evident in this year’s findings is the ongoing game of whack-a-mole between defenders and attackers.

State Exhaustion Attacks

As enterprise organizations invested in cloud-based DDoS mitigation service in recent years, attackers shifted their attention to stateful infrastructure.

31% in 2018
16% in 2017

Targeting New Services

The increasing use of encrypted traffic was reflected in the growing rate of attacks targeting it.

94%

experienced encrypted traffic attacks in 2018, nearly twice the percentage as the previous year

Simplify Operations, Please

We found a near-universal desire to simplify operational security processes, with the top priority being component and workflow integration.

92%
in favor of simplifying

Country Specific Data

This year, we dug into our enterprise survey data for highlights from six countries. Attack types, targets, techniques, motivations, impacts, and costs are all broken out for US and Canada, Brazil, UK, Germany, France, and Japan.

  • Brazil
  • UK
  • France
  • Japan
  • US
  • Canada
  • Germany

DDoS Attack Targets

Infrastructure

Global
49%
Brazil
57%

Customer-Facing Service/Applications

Global
38%
Brazil
46%

Saas Services

Global
41%
France
53%

Hiring Skilled People

51%

cited hiring and retaining skilled employees as a major challenge.

Cost of Downtime

Germany

$351,995
highest in our survey

Japan

$123,026
lowest in our survey

Global Data

NETSCOUT Arbor’s Active Threat Level Analysis System (ATLAS®) delivers a truly comprehensive view into internet traffic, trends and threats. With visibility into one-third of all internet traffic, we are ideally positioned to deliver actionable intelligence about botnets, DDoS attacks and malware that threaten internet infrastructure and network availability.

Attack Size

Max Attack Size

273%

While the total number of DDoS attacks declined 4% globally, we saw a dramatic and persistent increase in DDoS attack size and complexity.

Global DDoS Frequency

The number of DDoS attacks was down 4%

6.13

Million Attacks


Despite that sliver of good news, that equals:

16,794 attacks
per day
700 attacks
per hour
12 attacks
per minute

Most Targeted Region

2017 EMEA

with 2.3 million attacks

2018 Asia Pacific

also with 2.3 million attacks

Latin America Rising

Attack Size

The dramatic increase in DDoS attack size was consistent throughout the year.

270.6 GBPS
Largest attack in 2017
600 GBPS
Largest attack in 2018

Attack Frequency

Looking at the largest DDoS attacks each month and taking their average size, they were 45% larger in 2018 than in 2017.

2017
2018

Latin America, along with Asia Pacific, was the only other region to see a rise in DDoS attack frequency.

14%

Rise in DDoS attack frequency

41,938

DDoS attacks per month

Conclusion

NETSCOUT’s Worldwide Infrastructure Security Report delivers direct insights into what your peers are doing to address today’s most pressing security and operational challenges. We hope that you find the information useful in protecting your business in the coming year.