Network Security, Network Security

Application-level attacks biggest concern for ISPs

IP network operators believe that distributed denial-of-service (DDoS) attacks against services and applications will cause them the most problems during the next 12 months, according to an annual report released Tuesday by network security firm Arbor Networks.

The fifth-annual report, which surveyed 132 respondents from North America, South America, Europe, Africa and Asia, found that 35 percent of respondents believe that service and application-level attacks, which are designed to exploit service weaknesses in vulnerable backend infrastructures, will cause the most disruptions this year, the report states. Botnets were the second largest operational threat, rated the primary concern for 21 percent of respondents.

“Over the last five to six years, the sheer volume of attacks was the biggest problem,” Craig Labovitz, chief scientist at Arbor Networks, told SCMagazineUS.com on Tuesday. “That might be beginning to change. This year, the attacks have started to level off, but there's also a shift to much more focused, targeted attacks against cloud infrastructure.”

Several respondents said their organization had experienced service-level attacks in the past year targeting their distributed domain name system (DNS) infrastructure, load balancer, or large-scale SQL server backend infrastructure, the report states. These attacks resulted in multihour outages of prominent internet services for some organizations.

In addition, bandwidth volume used in the largest DDoS attacks rose 22 percent last year, from 40 gigabytes per second in 2008 to 49 per second last year, the report states.

DDoS bandwidth growth seems to be slowing, however, compared to previous years, the report states. In the past, bandwidth use in the largest DDoS attacks had nearly doubled each year.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.