Arbor Networks released their annual Infrastructure Security Report last week. The report details the concerns and security threats faced by large telco and ISP service providers. Denial-of-service attacks on cloud-based services, botnets, identity and credential theft, and DNS cache poisoning topped the list of concerns. Going forward, the pending adoption of DNSSEC and IPv6 represents infrastructure changes that are going to tax not only service providers but also customer and enterprise networks.
The most ominous trend is the increased sophistication and the targeted nature of attacks. In the past, it appeared that simple disruption was the goal of attackers. Now the motivation is more commercially oriented. If you depend on the Internet, including email or cloud services, for your operations, you could be specifically targeted.
Reading the full article requires registration, but InformationWeek has a good recap: "Denial-of-Service Attack Intensity Grows"
A survey of 132 network operators and telecommunication providers reveals that Distributed Denial-of-Service (DDoS) attacks are the top day-to-day security challenge facing service providers.
The report also cites several multi-hour service provider outages caused by attacks targeting distributed domain name system (DNS) infrastructure, load balancers and large-scale SQL server back-end infrastructure.
The Arbor Networks blog goes on:
"Beyond sheer attack size, respondents indicated that they are continuing to see attacks become more sophisticated, with attackers expressly aiming to exhaust resources other than bandwidth, such as firewalls, load-balancers, back-end database infrastructure and associated transaction capacity, cached data serving algorithms, etc. This increasing sophistication is a disconcerting trend that has been captured in previous editions of the survey as well, and one that continues to worry network operators. With observable consolidation of content sources and migration to multi-tenant cloud or hosted infrastructure and services (e.g., DNS), the risk of attacks that impact multiple entities and more commonly induce collateral damage is heightened.
Another resounding theme network operators expressed was that of considerable concern over the combinatorial effects of pending DNSSEC deployment, IPv4 address space exhaustion, corresponding IPv6 deployment acceleration, and 32-bit ASNs for the Internet’s inter-domain routing system, all within the next 12-24 months."
Some pundits do not take DDoS attacks seriously because we have had few serious outages. Yet these attacks are underway all the time. Why don't they have a more pronounced effect? Service providers and ecommerce companies have developed enormous overcapacity to deal with them. Overcapacity adds a lot to expenses and power consumption. If we could run closer to the red line, it would be much more efficient, green, and cost-effective. At the end of the day, consumers pay for all of this overcapacity.