Survey Points to Concerns Over 'Hacktivist' Attacks

An industry-produced survey suggested that Web site attacks motivated by political considerations may be on the rise.

Political or ideological motives were the most commonly cited reason for distributed denial-of-service (DDoS) attacks, according to respondents in a report recently published by Arbor Networks. Thirty-five percent of respondents to Arbor Networks' annual Worldwide Security Infrastructure Report, released Feb. 7, said ideology or politics is the most common motivating factor for attacks, followed by vandalism at 31 percent.

At the same time, confidence in law enforcement to deal with the issue is at an all-time low. Only 21 percent of respondents were confident that law enforcement entities could help. Most -- nearly 74 percent of respondents -- do not refer security breaches to authorities. While respondents cited a range of reasons for not alerting law enforcement, one was that many attacks originate from foreign locations.

Similarly, 73 percent of respondents are concerned that governments are not doing enough to protect critical network infrastructure. On the positive side, 88 percent of respondents welcome greater government involvement with operational security incident response, and 66 percent are actively engaged with their respective national or regional Computer Emergency Readiness Teams (CERTs) and/or Computer Security Incident Response Teams (CSIRTs). Some respondents weren't involved simply because no national or regional organization of this type exists in their area.

The survey also found that the scope and number of attacks are on the rise. There was a significant increase in flood-based DDoS in the 10 Gbps range, indicating that large flood-based attacks have gone "mainstream" and DDoS will be a routine attack method, the report noted.

Sophisticated application-layer (Layer 7) DDoS attacks are commonplace, and complex multi-vector DDoS attacks with both flood-based and application-layer attack components are rapidly increasing.

New DDoS tools "have empowered anyone with an Internet connection to launch DDoS attacks. This has profound implications for any business operating online. The risk of attack is now exponentially greater than in the recent past, commanding the need for a layered defense strategy in the enterprise," according to a company press release on the survey.

Respondents are seeing IPv6 DDoS attacks for the first time on their networks, which the report described as "a significant milestone in the arms race between attackers and defenders."

"Even many of the less sophisticated tools have Remote Access Trojan functionality to perform password theft, download and execute other malware, sniff keystrokes and other malicious activities," said Curt Wilson, a member of Arbor's Security and Engineering Response Team.

"In addition to the threats to confidentiality, actual incidents have shown that simple flooding tools such as a host booter can take down enterprise-class firewalls from either side of the firewall due to state table exhaustion."

The company surveyed 114 individuals from around the world. All were directly involved in their organization's network security operations.
