In October 2017, NETSCOUT Arbor collected data from 390 individuals within the operational security community to compile the company’s 13th annual Worldwide Infrastructure Security Report (WISR). The 2017 survey asked 128 freeform and multiple-choice questions and targeted service providers and enterprise, government and education (EGE) respondents.
A large majority of service providers said that DDoS attacks were the dominant security threat that they experienced. Infrastructure outages were the second-biggest security threat reported. The top motivation for DDoS attacks shifted during 2017. Online gaming was still seen as the primary impetus; however, only 50% agreed with this, compared to 63% the previous year. Criminals using DDoS attacks to demonstrate their capabilities to potential customers came in just behind online gaming, with extortion rounding out the top three motivations.
Key findings in the area of DDoS attacks include:
- Attack Size – the largest attack reported by a service provider last year was 600 Gbps, which was a drop from 800 Gbps the previous year
- Volumetric attacks – the proportion of volumetric attacks went up, although overall peak attack sizes and the frequency of extremely large attacks fell
- IoT devices – there was a significant increase in attacks that exploited IoT devices to generate large packet floods and application-layer attacks
- Multi-vector attacks – 59% of service providers and 48% of EGE respondents reported experiencing complex multi-vector attacks
- Application-layer attacks – DNS is most frequently targeted during application-layer attacks
- Reflection/amplification attacks – DNS and NTP continue to be the most commonly used vectors to maximize the scale of attacks
- Encrypted attacks – 53% of EGE participants said DDoS attacks targeted the encrypted service at the application layer and 42% targeted the SSL/TLS protocol
- Most frequent targets – end-user subscribers, as usual, are the most targeted kind of customer. Financial services came in second
- Email and VoIP – these services were targeted more frequently than last year, suggesting that attackers are going after more vulnerable services.
Key findings in the area of DDoS mitigation include:
- Managed DDoS mitigation services – demand is strong for managed services, particularly in financial, government, cloud/hosting, e-commerce and education
- Automatic DDoS mitigation – over one third of service providers are using automatic DDoS mitigation techniques
- Outbound and cross-bound attacks – 46% of service providers are not monitoring these kinds of attack, which is of concern
- Firewalls – over half of EGE respondents had firewalls or ISP devices fail or contribute to an outage in the midst of a DDoS attack
- Costs of attacks – survey responses indicate that the cost of a DDoS attack is growing and increasingly significant to a company’s overall budget
- Impact on brand – brand damage and operational costs are still the two biggest consequences of suffering a DDoS attack.