According to NetScout’s 14th Annual Worldwide Infrastructure Security Report, the global max attack size increased 273 percent in 2018, even as we reached the Terabit Era of DDoS attacks.
“In 2018, enterprise respondents continued to wrestle with challenges such as ransomware, insider threats, and DDoS attacks, all while struggling to simplify operations,” the report said, while “At the same time, attackers increasingly targeted important components of digital transformation initiatives, such as SaaS and cloud services.”
At the NetEvents Global IT Summit, Gary Sockrider, Director, Security Technology at NetScout shared insights based on the popular annual report, primarily focusing on the expansion of the attack surface brought to enterprises by the clouds they are moving to given the natural benefits of Everything-as-a-Service. Savvy attackers and sophisticated adversaries are following the data – which is following the money – given that so much information is now being hosted in the cloud and exchanged via communications networks, APIs, and data-sharing applications.
The report likens the response from Enterprise IT teams, sounding the alarm to the challenges service providers faced when it came to protecting infrastructure and systems in order to deliver cloud-based services. Not surprisingly, businesses are turning to experts, given the endless need to build and maintain skilled security teams.
Governments, educational institutions, and non-profits were not immune from the onslaught, as an increase in DDoS attacks on the public sector rose, including politically motivated attacks.
When NetScout introduced their report 14 years ago, 10 GBPS attacks made headlines; today, attacks forty times that size are routinely mitigated with little or no disruption to online services when security measures and policies are put in place and followed.
“400 Gbps attacks are now a matter of routine,” the report disclosed, saying, “The size of DDoS attacks is growing at an alarming pace all around the world, with significant implications for network operators of all sizes, from global service providers to emerging enterprises.”
“DDoS attacks tools have continued to evolve in recent years. They are cheap, easy to use and widely available. Further, DDoS for hire services can be had for as little as $20, resulting in over ten thousand DDoS attacks every day around the world. The average size and complexity of attacks continue to grow as well, so businesses must make sure their key resources are adequately protected – including those in the cloud, SaaS applications, etc…” from Gary Sockrider, Director, Security Technology, NetScout.
As the number and complexity of threats grow, NetScout discovered a near-universal desire to simplify operational security processes. Ninety-two percent of respondents said that they were looking to reduce complexity in some fashion, with the top priority being component and workflow integration.
“Malicious actors are building and distributing simplified applications and services for carrying out DDoS attacks. In either case attackers need no technical knowledge to harm their intended target with the click of a button. Automation is also leveraged to increase the complexity and effectiveness of attacks. It is absolutely critical that defenders are leveraging the same techniques in this environment.” Says, Gary Sockrider.
At the heart of the report? The threefold increase in attacks against SaaS services (from 13 in 2017 to 41 percent) and third-party data centers and cloud services (from 11 to 34 percent).
Download the free report here.
Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.
Edited by Ken Briodagh