Arbor Networks has released its annual report on security threats and the way service providers and enterprises have responded to them. Dubbed "The Worldwide Infrastructure Security Report (WISR)," it reveals that DDoS attacks now pose a huge threat to businesses.
A distributed denial of service (DDoS) attack occurs when a group of attackers executes a concerted campaign that would command millions of PCs to focus on a single website or application. This will cause the site to be flooded with service requests, which would eventually cause it to go offline.
According to the report, the largest of such attack was recorded at 400Gbps in 2014. A decade ago, the largest DDoS attack was only at 8Gbps.
Arbor Networks gathered 287 responses from network operators worldwide to come up with the report. These include a mix of Tier 1 and Tier 2/3 service providers, mobile and hosting enterprises.
Ninety percent of the respondents declared having experienced attacks on the application layer in 2014. Forty-two percent of the attacks involved a mix of volumetric, application-layer along with exhaustion techniques in a single attack. Forty-two percent of the respondents experienced over 21 attacks a month, which showed an increase of 38 percent from what was reported in 2013.
"Today, organizations have a much wider and more sophisticated range of threats to worry about, and a much broader attack surface to defend," said Darren Anstee, networks director of Solutions Architects at Arbor. "The business impact of a successful attack or breach can be devastating -- the stakes are much higher now."
The 2015 WISR also stated that apart from the 400Gbps threshold of attack, other large events were measured at 300, 200, and 170Gbps. Six respondents reported attacks belonging to more than the 100Gbps threshold.
During the survey period of November 2013 to October 2014, almost half of the respondents had seen DDoS attacks; almost 40 percent of them reported a saturation in their Internet connectivity.
Brian Krebs, a journalist and security analyst, said that attacks of between 200 and 400Gbps are "the new normal." His own site had reportedly suffered the said DDoS attacks.
In reality, DDoS attacks seemed to have become a regular occurrence that it now forms part of the lexicon.
"I've been doing this job for eight years," said Krebs. "In the beginning no one outside IT knew what a DDoS was. Now people talk about it at dinner parties."
Arbor also reported that attacks on cloud services have also increased. Data centers have also been targeted, resulting in revenue losses among 44 percent of data center operators.