Application-level attacks biggest concern for ISPs

Share this article:
IP network operators believe that distributed denial-of-service (DDoS) attacks against services and applications will cause them the most problems during the next 12 months, according to an annual report released Tuesday by network security firm Arbor Networks.

The fifth-annual report, which surveyed 132 respondents from North America, South America, Europe, Africa and Asia, found that 35 percent of respondents believe that service and application-level attacks, which are designed to exploit service weaknesses in vulnerable backend infrastructures, will cause the most disruptions this year, the report states. Botnets were the second largest operational threat, rated the primary concern for 21 percent of respondents.

“Over the last five to six years, the sheer volume of attacks was the biggest problem,” Craig Labovitz, chief scientist at Arbor Networks, told SCMagazineUS.com on Tuesday. “That might be beginning to change. This year, the attacks have started to level off, but there's also a shift to much more focused, targeted attacks against cloud infrastructure.”

Several respondents said their organization had experienced service-level attacks in the past year targeting their distributed domain name system (DNS) infrastructure, load balancer, or large-scale SQL server backend infrastructure, the report states. These attacks resulted in multihour outages of prominent internet services for some organizations.

In addition, bandwidth volume used in the largest DDoS attacks rose 22 percent last year, from 40 gigabytes per second in 2008 to 49 per second last year, the report states.

DDoS bandwidth growth seems to be slowing, however, compared to previous years, the report states. In the past, bandwidth use in the largest DDoS attacks had nearly doubled each year.
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Fake Dropbox login page nabs credentials, is hosted on Dropbox

Fake Dropbox login page nabs credentials, is hosted ...

Symantec researchers received a phishing email linking recipients to a fake Dropbox login page that is hosted on Dropbox's user content domain and served over SSL.

Hacker sentenced to 30 months in prison and $300k restitution

Hacker sentenced to 30 months in prison and ...

Lamar Taylor was sentenced in New Jersey this past week for allegedly participating in a cybercrime scheme that accounted for more than $15 million.

Progress on national breach notification law may stall

A bill, which would require a national reporting standard, has failed to make it before the Senate or House this year.