Security Survey: The Botnets are Coming!
A new infrastructure vulnerability study confirms what became apparent late last year: botnets are exploiting inherent security weaknesses in Internet of Things (IoT) devices.
The infrastructure security report released by Arbor Networks Inc. also warns that the release of botnet source code has greatly expanded the ability of hackers to launch distributed denial-of-service (DDoS) attacks. "The massive growth in attack size has been driven by increased attack activity on all reflection/amplification protocols, and by the weaponization of IoT devices and the emergence of IoT botnets," warns the study that was released on Tuesday (Jan. 24).
Paradoxically, the innovative networking technologies used to connect devices and sensors are contributing to the sheer scale of DDoS and other infrastructure attacks. Along with scale, the frequency of attacks has spiked for service providers and datacenter operators along with companies and government agencies, the study found. For example, 21 percent of datacenter operators reported more than 50 attacks per month. More than half of service providers said they experience more than 20 attacks a month, up 44 percent from the previous year.
Meanwhile, attacks are becoming more sophisticated, with botnets and other techniques simultaneously targeting different parts of victim's infrastructure.
"The survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade," noted Darren Anstee, Arbor Networks' chief security technologist. "However, IoT botnets are a game changer because of the numbers involved."
One way of gauging the scale of DDoS attacks is determining the amount of bandwidth they saturate. By that measure, Arbor Networks estimates that the size of the largest attacks jumped a whopping 60 percent over the previous year to 800 Gbps. While most attacks are under 1 Gbps, organizations with "Internet facing circuits" generally less than 1 Gbps remain extremely vulnerable to DDoS attacks, the networking vendor asserted.
Meanwhile, nearly two-thirds of datacenter operators said attacks had completely saturated datacenter bandwidth. At the same time, mitigation costs related to DDoS attacks have risen, with one-quarter of datacenter and cloud providers reporting that costs associated with an attack have topped $100,000. A smaller percentage cost more than $1 million to mitigate, the survey found.
Arbor Networks and other infrastructure security specialists point to these findings as evidence that network operators must "reach upstream" to service providers to defend against the rise of botnets and other DDoS attacks. "The DDoS attack doesn’t have to be massive to impact you," Arbor Networks noted in a blog post accompanying its report. "It only has to be as large as your network pipe."
The network security vendor's survey was conducted between the November 2015 and October 2016, just as the Marai botnet attack surfaced. Since, then larger botnet attacks have been reported. As more devices are connected, observers warn that networks are likely to become even more vulnerable to DDoS attacks.