News

Survey Points to Concerns Over 'Hacktivist' Attacks

An industry-produced survey suggested that Web site attacks motivated by political considerations may be on the rise.

Most distributed denial-of-service (DDoS) attacks were attributed to political or ideological reasons, according to respondents in a report recently published by Arbor Networks. Thirty-five percent of survey respondents to Arbor Networks' annual Worldwide Security Infrastructure Report, released Feb. 7, said ideology or politics is the most common motivating factor for attacks, followed by vandalism at 31 percent.

At the same time, confidence in law enforcement to deal with the issue is at an all-time low. Only 21 percent of respondents were confident that law enforcement entities could help. Most -- nearly 74 percent of respondents -- do not refer security breaches to authorities. While respondents cited a range of reasons for not alerting law enforcement, one was that many attacks originate from foreign locations.

Similarly, 73 percent of respondents are concerned that governments are not doing enough to protect critical network infrastructure. On the positive side, 88 percent of respondents welcome greater government involvement with operational security incident response and 66 percent are actively engaged with their respective national or regional Computer Emergency Readiness Team (CERTs) and/or Computer Security Incident Response Teams (CSIRTs). Some respondents weren't involved simply because no national or regional organization of this type exists in their area.

The survey also found the scope and number of attacks on the rise. There was a significant increase in flood-based DDoS in the 10 Gbps range, indicating that large flood-based attacks have gone "mainstream" and DDoS will be a routine attack method, noted the report.

Sophisticated application-layer (Layer 7) DDoS attacks are commonplace and complex multi-vector DDoS attacks with both flood-based and application-layer attack components are rapidly increasing.

New DDoS tools "have empowered anyone with an Internet connection to launch DDoS attacks. This has profound implications for any business operating online. The risk of attack is now exponentially greater than in the recent past, commanding the need for a layered defense strategy in the enterprise," according to a company press release on the survey.

Respondents are seeing IPv6 DDoS attacks for the first time on their networks, which the report described as "a significant milestone in the arms race between attackers and defenders."

"Even many of the less sophisticated tools have Remote Access Trojan functionality to perform password theft, download and execute other malware, sniff keystrokes and other malicious activities," said Curt Wilson, a member of Arbor's Security and Engineering Response Team.

"In addition to the threats to confidentiality, actual incidents have shown that simple flooding tools such as a host booter can take down enterprise-class firewalls from either side of the firewall due to state table exhaustion."

The company surveyed 114 individuals from around the world. All were directly involved in their organization's network security operations.

Featured

  • AzCopy Preview Adds AWS S3 Data Transfer Improvements

    Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

  • Qualcomm Back in Datacenter Fray with AI Chip

    The chip maker joins a crowded field of vendors that are designing silicon for processing AI inference workloads in the datacenter.

  • Microsoft To Ship Surface Hub 2S Conference Device in June

    Microsoft on Wednesday announced a June U.S. ship date for one of its Surface Hub 2S conferencing room products, plus a couple of other product milestones.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.