Inside Advanced Scale Challenges|Tuesday, May 23, 2017

Security Survey: The Botnets are Coming! 


A new infrastructure vulnerability study confirms what became apparent late last year: botnets are exploiting inherent security weaknesses in Internet of Things (IoT) devices.

The infrastructure security report released by Arbor Networks Inc. also warns that the release of botnet source code has greatly expanded the ability of hackers to launch distributed denial-of-service (DDoS) attacks. "The massive growth in attack size has been driven by increased attack activity on all reflection/amplification protocols, and by the weaponization of IoT devices and the emergence of IoT botnets," warns the study that was released on Tuesday (Jan. 24).

Paradoxically, the innovative networking technologies used to connect devices and sensors are contributing to the sheer scale of DDoS and other infrastructure attacks. Along with scale, the frequency of attacks has spiked for service providers and datacenter operators along with companies and government agencies, the study found. For example, 21 percent of datacenter operators reported more than 50 attacks per month. More than half of service providers said they experience more than 20 attacks a month, up 44 percent from the previous year.

Meanwhile, attacks are becoming more sophisticated, with botnets and other techniques simultaneously targeting different parts of a victim's infrastructure.

"The survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade," noted Darren Anstee, Arbor Networks' chief security technologist. "However, IoT botnets are a game changer because of the numbers involved."

One way of gauging the scale of DDoS attacks is determining the amount of bandwidth they saturate. By that measure, Arbor Networks estimates that the size of the largest attacks jumped a whopping 60 percent over the previous year to 800 Gbps. While most attacks are under 1 Gbps, organizations with "Internet facing circuits" generally less than 1 Gbps remain extremely vulnerable to DDoS attacks, the networking vendor asserted.

Meanwhile, nearly two-thirds of datacenter operators said attacks had completely saturated datacenter bandwidth. At the same time, mitigation costs related to DDoS attacks have risen, with one-quarter of datacenter and cloud providers reporting that costs associated with an attack have topped $100,000. A smaller percentage cost more than $1 million to mitigate, the survey found.

Arbor Networks and other infrastructure security specialists point to these findings as evidence that network operators must "reach upstream" to service providers to defend against the rise of botnets and other DDoS attacks. "The DDoS attack doesn’t have to be massive to impact you," Arbor Networks noted in a blog post accompanying its report. "It only has to be as large as your network pipe."

The network security vendor's survey was conducted between November 2015 and October 2016, just as the Mirai botnet attack surfaced. Since then, larger botnet attacks have been reported. As more devices are connected, observers warn that networks are likely to become even more vulnerable to DDoS attacks.

About the author: George Leopold

George Leopold has written about science and technology for more than 25 years, focusing on electronics and aerospace technology. He previously served as Executive Editor for Electronic Engineering Times.

2 Responses to Security Survey: The Botnets are Coming!

  1. Ian Wright

    Monitoring is the key here. DDoS attacks make sudden changes to your site behavior. There are now free apps for imposing a DDoS attack. I always keep track of my site’s activities and I also have PureVPN’s DDoS Protection. Was attacked once but my measures were on point.

     
  2. George

    I think that my blog’s servers might have fallen victim to botnet attacks in the past but I’m not too sure. It’s just that from 20 daily visitors I went immediately to 200-300 and they all were from the same country and each one had a really similar IP address, so I guess that those were botnets? At this moment I’m back to 20 visitors per day or so.

     
