Report: DDoS fuzzes “Signal to Noise” Ratio
For the last seven years, Arbor Networks has polled its user base and compiled an annual Worldwide Infrastructure Security Report. Since Arbor Networks is still the de facto standard for carrier-grade network intrusion detection systems (NIDS), this document is worth at least a cursory review. Arbor identifies issues, themes and trends that could have an impact on our clients.
This year’s report points to a fundamental change in Distributed Denial of Service (DDoS) attacks. The rise of hacktivism, rather than the traditional financial motives, has influenced the sheer number of DDoS attacks seen over the past year. With hacktivist groups embarking on grassroots efforts to organize and grow, these various hacker cells are leveraging easy attack tools such as Low Orbit Ion Cannon (LOIC) to train others.
Here are three points from the report that are worthy of mention:
1) The fundamental nature of DDoS is changing in that the average flood-based DDoS attempt is within the 10Gbps range (typically 60-100 Gbps)
2) DDoS is no longer purely a saturation issue; complex multi-vector and application attacks are becoming commonplace
3) Most conventional network devices such as stateful firewalls, IPS tools and load balancers continue to fail under internet-facing DDoS attacks
So what does this really mean?
While these issues are anecdotally interesting, they carry greater implications for national security and internet resilience.
Cyber-conflicts are rapidly becoming precursors to kinetic action. Precision digital strikes have been, and will continue to be, executed under the cover of multi-vector DDoS. This in turn will leave our internet intelligence, surveillance and reconnaissance (ISR) tools blind and our response capabilities hobbled.
The new “fog of war” is digital in nature, and multi-vector DDoS will be its name. As with any conflict, when the landscape changes and the enemy is covertly attacking, a strong defensive line must be in place.
Federal agencies and enterprises alike need to ensure that they have the proper security controls in place to secure critical assets. Yet it would be foolish to assume that traditional security methods and technologies will be enough to protect the network against these attacks. One of the operational mantras for 2012 and beyond will hark back to Dan Geer’s Harvard Journal article from January 2011: “Risk absorption — the ability to operate in degraded states.”
Organizations today must understand that an attack will occur and must have the capacity to continue functioning despite cascading systemic failures. Additionally, they must be able to use the event to gather intel for remediation and mitigation against future attacks. In the case of DDoS, that means resilient and robust systems with ever-increasing network/system capacity, and out-of-band ISR toolkits.