Security Market Segment LS


JUser: :_load: Unable to load user with ID: 63
Tuesday, 29 January 2013 07:01

Ideologically motivated DDoS now the biggest security threat


Four of the top five Internet threats over the last 12 months were distributed denial of service attacks and most of these were ideologically motivated according to Arbor Networks' eighth annual Worldwide Infrastructure Security Report.

"The number one motivation is still ideological hacktivism - not surprising given media coverage this year," Arbor says. "Online gaming is up from third to second and nearly 15 percent [of respondents] are seeing attacks motivated by extortion, competitive rivalry or as a cover for data exfiltration."

According to Arbor's survey, "Ninety four percent of data centres are seeing DDoS attacks regularly. Just over a third see firewalls fail due to DDoS attacks." It added, "As more companies move their services to the cloud shared risk is more of an issue...83.3 percent of respondents now see between 1 and 50 attacks per month.

"The proportion of respondents seeing zero attacks per month has dropped from 30 percent to 5.6 percent. There has been a big rise in the proportion of respondents seeing attacks targeting infrastructure and infrastructure services."

According to Nick Race, Arbor's country manager for Australia, the sophistication of DDoS attacks has increased significantly from simple brute force attacks where the attacker seeks to flood the victim's servers with so much traffic that data pipes become clogged and servers fail through overload.

Late last year DDoS attacks were launched on a number of US banks by a Muslim hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam in a bid to get the controversial movie 'The Innocence of Muslims' removed from the Internet.

According to Race, "This was the first time we have seen multivectored DDoS attacks." He explained: "There are two types of DDoS: the volumetric and the application, Volumetric is designed to physically overload the pipes. The application DDoS targets specific infrastructure like a web server or DNS server.

"What we saw with the US banks was that the attackers were using both types of attacks simultaneously...It was a very sophisticated attack that targeted multiple companies simultaneously."

Such attacks have become very easy to launch, without specialist knowledge, Race said. "It is very easy to get attack tools on the Internet. You can go to companies that will do attacks for you and even offer SLAs on their attack! For $50 you can a one gigabit attack for 24 hours anywhere in the world. It makes it very easy to launch this type of attack."

He said that, with the increasing popularity of cloud computing, it was essential that data centre operators provided protection for their clients. "If they are providing Iaas or PaaS it is really the cloud service provider who should be providing the security associated with that. You only need one tenant to be attacked and they can take down every other tenant in that data centre. It is really important to choose one that has the required level or protection."

You can read more stories on telecommunications in our newsletter ExchangeDaily, click here to sign up for a free trial...

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.




Recent Comments