Anti-Spoofing Decline 'Bad News' for Security

Arbor Networks' latest security report indicates that large cyber attacks are on the rise while defenses look weak.

Iain Morris, International Editor

January 27, 2015

4 Min Read
Anti-Spoofing Decline 'Bad News' for Security

The past year has seen a huge spike in the number of large cyber attacks and many organizations look poorly equipped to cope with an incident, according to the latest Worldwide Infrastructure Security Report from Arbor Networks.

Discussing the report's major findings with Light Reading, Darren Anstee, Arbor Networks 's director of Solution Architects, says there has been a return to the use of "big volumetrics" among cyber criminals previously focused on much stealthier application-layer attacks.

"Before 2013 you would have seen only a handful of these attacks, but there were 39 at the 100Gbit/s level or higher in 2013 and 159 such attacks last year," he says.

The largest reported attack was 400 Gbit/s but other organizations surveyed by Arbor for the security report reported attacks of 300 Gbit/s, 200 Gbit/s and 170 Gbit/s, with several reporting events that exceeded the 100Gbit/s threshold.

Figure 1: Source: Arbor Networks Source: Arbor Networks

Anstee says cyber criminals have been taking advantage of the fact that many networks do not make use of anti-spoofing filters, which prevent hackers from faking IP addresses to carry out attacks using so-called reflection/amplification techniques.

Indeed, the biggest surprise from this year's findings was a decrease in the proportion of survey respondents using anti-spoofing filters -- down from about one half in recent years to just one third in 2014.

"Given media coverage around these attacks, I would have thought more operators would use anti-spoofing, because you can only do reflection/amplification by faking your IP address," says Anstee.

One possible explanation could be the growth in the number and variety of survey respondents: Arbor asked questions of 287 respondents last year -- up from 220 in 2013 -- with 60% drawn from the communications service provider (CSP) community and the rest from the enterprise, government and education (EGE) sectors.

"We're seeing that best practices aren't as widely deployed as we might have previously thought," says Anstee. Arbor's report describes the finding as "bad news".

Interestingly, EGE respondents are still seeing a higher proportion of application-layer attacks than CSPs. Some 29% of attacks fell into this category, according to EGE respondents, compared with just 17% of the attacks on service providers.

Anstee says that application-layer attacks can be relatively hard to detect and that EGE organizations tend to have more in-depth visibility of the traffic on their networks than large service providers.

Want to know more about cloud services? Check out our dedicated cloud services content channel here on Light Reading.

Despite the fall in the proportion of respondents using anti-spoofing filters, Anstee refutes the suggestion that organizations are not taking the security threats seriously enough. As he notes, when it comes to defending against distributed denial-of-service (DDoS) attacks, intelligent DDoS mitigation systems (IDMS) have now overtaken more old-fashioned access control lists (ACLs) as the most popular safeguard. Around 70% of respondents claim now to be using IDMS, while 63% employ ACLs. (See Cloud Providers: Beware DDoS Domino Effect.)

Clearly, as a vendor of IDMS, Arbor has a vested interest in popularizing them as a security measure, but the findings do appear to confirm that interest in DDoS protection services is rising.

"Service providers are taking the threat seriously and putting specialist solutions in place to deal with DDoS," says Anstee. (That CSPs are taking security very seriously was clear from the results of a Heavy Reading survey conducted in late 2014 -- see Security Suffers From 'Not My Job' Mentality .)

Arbor also flags an encouraging increase in the proportion of respondents able to respond to an attack in less than 20 minutes -- up from 60% in 2013 to 68% last year.

Meanwhile, with 29% of respondents reporting attacks on cloud services, compared with just 19% in 2013, demand for DDoS detection and mitigation services among cloud and hosting organizations has risen sharply. Some 59% of cloud and hosting providers expressed interest in DDoS services, a higher proportion than in any other vertical market.

Figure 2: Source: Arbor Networks Source: Arbor Networks

"The cloud is becoming pervasive but if you can't reach cloud services across the Internet they are not much use," says Anstee. "Service providers are being driven to put protection in place."

As for the impact of cybercrime, survey respondents cited operational expense and reputational damage as the chief concerns, but there was also a jump in the proportion seeing revenue losses as a result of DDoS attacks. Among data center operators, specifically, 44% of respondents reported revenue losses in 2014, up from 27% in 2013.

Figure 3: Source: Arbor Networks Source: Arbor Networks

— Iain Morris, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profile, News Editor, Light Reading

About the Author(s)

Iain Morris

International Editor, Light Reading

Iain Morris joined Light Reading as News Editor at the start of 2015 -- and we mean, right at the start. His friends and family were still singing Auld Lang Syne as Iain started sourcing New Year's Eve UK mobile network congestion statistics. Prior to boosting Light Reading's UK-based editorial team numbers (he is based in London, south of the river), Iain was a successful freelance writer and editor who had been covering the telecoms sector for the past 15 years. His work has appeared in publications including The Economist (classy!) and The Observer, besides a variety of trade and business journals. He was previously the lead telecoms analyst for the Economist Intelligence Unit, and before that worked as a features editor at Telecommunications magazine. Iain started out in telecoms as an editor at consulting and market-research company Analysys (now Analysys Mason).

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like