Arbor Networks, Inc. today released its 9th Annual Worldwide Infrastructure Security Report (WISR) offering a rare view into the most critical security challenges facing today’s network operators. Based on survey data provided by service providers, enterprises, cloud, hosting and other network operators from around the world, this annual report provides a real-world view of the security threats that organizations face and the strategies they adopt to address them.
Arbor’s long-standing customer relationships and reputation as a trusted advisor and solution provider make this report possible each year. Click here (registration required) to access the Arbor Networks 9th Annual Worldwide Infrastructure Security Report.
“From the ISP to the enterprise, IT and security teams are facing a dynamic threat landscape and very skilled and patient adversaries. Our ninth annual report showcases that very clearly,” said Matthew Moynahan, president of Arbor Networks. “There is no single, magic bullet solution and it is a mistake to think technology alone can secure a network. Multi-layered defenses are clearly needed, but so is a commitment to best practices for people and process.”
KEY INDIA – SPECIFIC FINDINGS:
Drastic increase in Reported Attacks on Government and Financial Services Organizations in India
·End-Users or subscribers most common target type, financial and e-commerce services tie for second place.
·Significant increase seen in attacks against financials and government, with 34 percent and 43 percent reporting cyber threats and attacks respectively, up from last year’s 15 percent and 19 percent respectively.
Internal Network and Advanced Persistent Threats
·Respondents ranked botted hosts as their number one concern.
·The proportion of respondents seeing APTs on their networks increased from 20 percent to 30 percent year over year.
·57 percent of survey respondents do not have a solution deployed to identify employee-owned devices accessing the corporate network.
DDoS attacks against mobile networks in India more than doubled
·Nearly a quarter of the respondents offering mobile services indicated that they have seen DDoS attacks impacting their mobile Internet (Gi) infrastructure, doubling the proportion over the past year.
·More than 20 percent offering mobile services indicated that they have suffered a customer-visible outage due to a security incident, down slightly from about one-third last year.
Application-layer attacks have become ubiquitous
·Application-layer attacks are now common with almost all respondents indicating they have seen them during this survey period.
·Continued strong growth in application-layer attacks targeting encrypted Web services (HTTPS) – 82 percent reported applications attacks against HTTP, up 17 percent over last year.
Dramatic Rise in DDoS Attack Size
·In all previous years of the survey, the largest reported attack was 100 Gbps. This year, attacks peaked at 309 Gbps and multiple respondents reported attacks larger than 100 Gbps.
·DDoS attacks against customers remains the top experienced threat.
Data centers are a target for DDoS attacks
·More than 70 percent operating data centers reported DDoS attacks this year, up dramatically from under half last year.
·More than a third experienced attacks that exceeded total available Internet connectivity, nearly double that of last year.
·About 10 percent saw more than 100 attacks per month.
DNS infrastructure remains vulnerable
·One-third experienced customer-impacting DDoS attacks on DNS infrastructure—an increase from a quarter last year.
·More than a quarter indicated that there is no security group within their organization with formal responsibility for DNS security, up from 19 percent last year. This increase is surprising given the number of high-profile DNS reflection/amplification attacks that were seen during the survey period.
Survey Scope & Demographics
·220 responses globally, up from 130 last year, from a mix of Tier 1 and Tier 2/3 service providers, hosting, mobile, enterprise and other types of network operators from around the world.
·More than 68 percent of respondents this year are service providers, giving us a global view into the traffic and threats targeting their networks, services and customers.
·Data covers November, 2012 through October, 2013.