Targeted attacks replace botnet floods in telco nightmares
Targeted attacks against backend systems have replaced botnet-powered traffic floods as the main concerns for security staff at telcos and large ISPs.
Only one in five of the 132 senior telco security experts quizzed by DDoS security and network management specialists Arbor Networks reported the largest attacks they observed as lying within the one-to-four Gbps range last year, compared to 30 per cent in 2008. The most potent DDoS attacks recorded in 2009 hit 49Gbps, a relatively modest 22 per cent rise from the 40Gbps peak reached in 2008.
Although botnet-enabled DDoS attacks are the top operational threats faced by the network operators surveyed by Arbor, this may change in future. One in three (35 per cent) of security managers at ISPs and telcos across the world quizzed by Arbor reckoned more sophisticated service and application-layer attacks are the biggest threat they face over the coming year.
By comparison, 21 per cent thought large-scale botnet attacks would be their single biggest problem during 2010.
Service-level attacks, while also driven from compromised networks of zombie PCs, are designed to exploit service weaknesses, such as back-end database flaws, rather than simply flooding a site with more traffic than it can handle.
Several of the senior techies quizzed by Arbor reported prolonged (multi-hour) outages of prominent internet services last year as a result of application-level attacks. Systems targeted included distributed domain name system (DNS) rigs, load balancers and SQL server back-end infrastructures.