The term “heist” conjures up images of slick professionals outsmarting and conning banks, government agencies, casinos, organisations and individuals, before robbing them and getting away with wads of cash. The film industry has, in general, established the genre as glamorous, electrifying, romantic and even nostalgic.
Money and data hits are not figments of writers’ imaginations, though. They have been happening for millennia, ever since lenders first made loans, accepted deposits and changed money, and companies held priceless records.
“The advent of the digital age has seen a new twist added to this type of criminal activity: computer security breaches, or rather cybercrime, and sadly this is neither romantic nor thrilling, but rather terrifying, and puts the abovementioned entities at greater risk than ever before. Also, it is happening on both a small and a grand scale. And, it is happening regularly,” says Bryan Hamman, territory manager for sub-Saharan Africa at Arbor Networks.
According to Verizon’s 2015 Data Breach Investigations Report (DBIR), to which 70 organisations contributed, “cyber-attacks are becoming increasingly sophisticated, but many criminals still rely on decades-old techniques such as phishing and hacking. According to this year’s report, the bulk of the cyberattacks (70%) use a combination of these techniques and involve a secondary victim, adding complexity to a breach.”
Using information collated late last year, Arbor Networks, whose security products are exclusively distributed by Networks Unlimited in South Africa and sub-Saharan Africa, released its tenth annual Worldwide Infrastructure Security Report (WISR) at the start of 2015, and found that DDoS attacks against customers remain the number one operational threat to service providers. Attacks against infrastructure continue to grow in prominence.
The report points out that Arbor Networks has over the last 10 years “had the privilege of tracking the evolution of the Internet and its uses from the early adoption of online content to today’s hyper-connected society. We’ve witnessed an explosion in the volume of traffic, variety of applications and number of connected devices—along with significant changes in the threat landscape.”
It draws attention to the fact that when the first Arbor Networks’ worldwide infrastructure security survey was conducted in 2004, the corporate world was on watch for self-propagating worms like Slammer and Blaster that had devastated networks the year before. “Back then data breaches were most likely carried out by employees who had direct access to data files. Today’s organisations have a much wider and more sophisticated range of threats to worry about—and a much broader attack surface to defend,” states the report.
“From the WISR, we can see that attackers now have access to tool kits that allow them to easily use and customise a variety of mechanisms to achieve their goals. Localised cybercriminals and script kiddies have given way to organised crime, cyber enterprises and nation states. Use of the Internet is now ubiquitous, with cloud services becoming the backbone of many companies. Social media has flourished, and our personal information has become more widely available. The business impact of a successful DDoS attack or breach can be devastating. Clearly the stakes are much higher now,” continues Hamman.
Illustrating the threat landscape then and now, the WISR notes that:
* Mostly a nuisance and nothing more than an independent event a decade ago, distributed denial-of-service (DDoS) is now a very serious threat to business continuity and the bottom line. DDoS attacks are now components of complex, often long-standing advanced threat campaigns.
* Application-layer attacks were experienced by 90% of respondents in 2014. Ten years ago, 90% of respondents cited simple “brute force” flood attacks as the most common attack vector.
* The human element continues to be a factor in defensive capabilities – not just today, but throughout the last 10 years of WISR reporting. Just in the past year alone, 54% of respondents reported difficulty hiring and retaining skilled personnel within their security organisations.
* The largest DDoS attack reported in 2014 was 400Gbps; 10 years ago the largest reported attack was a mere 8Gbps.
As the threat landscape has evolved, so has the survey behind this report. Over 280 network operators participated in this year’s report, representing a wide spectrum of geographies and business focuses. This diversity gives the report sufficient representation from various areas of interest to produce statistically relevant data.
The results of the survey are, as always, quite interesting. In many areas, the results are consistent with those of previous years, or they follow a steady trend. For instance, the size and frequency of DDoS attacks continue to grow, with the mechanisms used and motivations behind them becoming more diverse. Some respondents continue to use state-dependent tools such as firewalls in their DDoS defences, despite data spanning years that shows this approach is not effective.
In other areas of the survey, the results are markedly different from previous years. For example, the application of best practices for defense, the proportion of respondents who practice incident response regularly, the use of intelligent DDoS mitigation systems (IDMS) in data centres and the growth of IPv6 show quite different results year over year.
“Arbor Networks’ goals in conducting the survey and generating this annual report are to educate the broader community on the threats that are out there, and to provide a forum for sharing how today’s service providers and end-user organisations are dealing with them,” says Hamman.