By Channel Partners Staff
Denial-of-Service (DDoS) attacks that leveraged Internet of Things (IoT) devices were favored heavily by criminals in the last year. Meanwhile, executives took more notice of the cost and consequence of cybercrime in the enterprise and struggled with staffing issues that impacted their ability to mitigate threats according to NETSCOUT Arbor’s 13th Annual Worldwide Infrastructure Security Report (WISR).
“Attackers focused on complexity this year, leveraging weaponization of IoT devices while shifting away from reliance on massive attack volume to achieve their goals,” said Darren Anstee, NETSCOUT Arbor chief technology officer. “Attackers have been effective, and the proportion of enterprises experiencing revenue loss due to DDoS nearly doubled this year.”
The WISR survey data is based upon 390 responses from a mix of Tier 1, Tier 2 and Tier 3 service providers, hosting, mobile, enterprise and other types of network operators from around the world, and covers November 2016 through October 2017.
The highlight of the data focuses largely on the exploitation of IoT devices that lead to more complex DDoS attacks. The issue is reminiscent of the high-profile Mirai botnet attack in 2016, during which the malware involved would continuously scan the internet for the IP address of Internet of things (IoT) devices, such as security cameras and digital video recorders, and then “enslave” them for use in a widespread denial-of-service attacks on various web sites.
The WISR found 57 percent of enterprise and 45 percent of data-center operators saw their internet bandwidth saturated due to DDoS attacks. There were 7.5 million DDoS attacks in 2017, according to data from Arbor’s ATLAS infrastructure, which Arbor says covers approximately one-third of global internet traffic. Service-provider respondents experienced more volumetric attacks while enterprises reported a 30 percent increase in stealthy application-layer attacks.
“This year, we’ve seen increasing sophistication of IoT-based botnet attack capabilities. These modern botnets are capable of delivering sophisticated attacks that include application-layer, volumetric, and complex multi-vector DDoS attacks,” said Gary Sockrider, principal security technologist with Arbor Networks. “Easy-to-use DDoS for hire services have helped make more sophisticated multi-vector DDoS attacks increasingly common.”
High-profile DDoS attacks have led to a better understanding of the threat at the executive level, according to Arbor officials. In 2017, 77 percent of enterprise organizations reported that DDoS was either a part of their business or their IT risk assessments. Arbor said this is a 70 percent increase from the previous year.
Another reason executives are getting involved — the consequences of a successful attack are rising. A majority of respondents cited reputation/brand damage as the main business impact and 56 percent saw a financial impact between $10,000 and $100,000, almost double the proportion from 2016, according to Arbor.
The report points to ongoing issues with hiring, staffing and retention of skilled security talent, a problem felt by organizations around the globe. More than half of enterprise respondents (54 percent) said they have difficulty hiring and retaining skilled personnel. As a result, more are relying on third-party and …