Massive distributed denial of service (DDoS) attacks against ISPs and their customers have almost doubled over the past year, according to a new security report.

Attacks on networks making them unavailable to intended users—also known as distributed denial of service (DDoS) attacks—exceeded 40 gigabits in the last year according to Arbor Networks’ annual survey of ISPs from North America, South America, Europe and Asia.

In addition to a significant rise in the volume of attacks against network infrastructure, the survey has also found that smaller and more sophisticated attacks—including service-level and application-targeted attacks, DNS poisoning, and route hijacking—are more difficult to manage than larger, brute force attacks and can cause a serious disruption in network service or enable further compromise.

“This year’s report underscores the twofold challenges faced by ISPs today,” said Danny McPherson, chief security officer for Arbor Networks. “ISPs are currently waging a multi-faceted battle as they face increased cost and revenue pressure, along with multi-threaded attacks that are growing in size, frequency and sophistication. The good news is that through improved communications and information sharing in the operational security community—this report included—the service provider community will be better prepared for the fight against Internet threats today and in the future.”

When asked to rank threats that they believe would pose the largest problems over the next 12 months, bots and botnets again took the top spot, followed closely by DNS cache poisoning and BGP route hijacking. Source: Arbor Networks

The key findings in the report include:

ISPs Fight New Battles. In the last four surveys, ISPs reportedly spent most of their available security resources combating distributed denial of service (DDoS) attacks. For the first time, this year ISPs describe a far more diversified range of threats, including concerns over domain name system (DNS) spoofing, border gateway protocol (BGP) hijacking and spam. Almost half of the surveyed ISPs now consider their DNS services vulnerable. Others expressed concern over related service delivery infrastructure, including voice over IP (VoIP) session border controllers (SBCs) and load balancers.

Attacks Now Exceed 40 Gigabits. From relatively humble megabit beginnings in 2000, the largest DDoS attacks have now grown a hundredfold to break the 40 gigabit barrier this year. The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and ISP infrastructure investment. The below graph shows the yearly reported maximum attack size.

Services Under Threat. Over half of the surveyed providers reported growth in sophisticated service-level attacks at moderate and low bandwidth levels attacks specifically designed to exploit knowledge of service weakness like vulnerable and expensive back-end queries and computational resource limitations. Several ISPs reported prolonged (multi-hour) outages of prominent Internet services during the last year due to application-level attacks.

Fighting Back. The majority of ISPs now report that they can detect DDoS attacks using commercial or open source tools. This year also shows significant adoption of inline mitigation infrastructure and a migration away from less discriminate techniques like blocking all customer traffic (including legitimate traffic) via routing announcements. Many ISPs also report deploying walled-garden and quarantine infrastructure to combat botnets.

Related Links:
Arbor Networks Publishes Fourth Annual Worldwide Worldwide Infrastructure Security Report (Arbor Netowrks, 11/11/2008)
2008 Worldwide Infrastructure Security Report (Arbor Security Blog, 11/11/2008)
Copy of the Full Report (Free Registration Required)
Distributed DoS Attacks Surging in Scale, ISPs Report (NetworkWorld, 11/11/2008)