According to a recent report from Arbor Networks, the number of data center providers experiencing distributed denial of service attacks and the severity of those attacks increased enormously over the last year.
A distributed denial of service attack uses botnets and weaknesses in the security of network infrastructure to send massive amounts of data, swamping the bandwidth capabilities of Internet service companies and data centers. DDoS attacks are a huge burden for data centers, with costs incurred for mitigation attempts, degraded services, and lost revenue opportunities.
More than 70% of data centers experienced DDoS attacks over the last year, a large year-on-year increase. A third of data center providers who responded to the survey reported that they had experienced attacks that exceeded their available connectivity, which is a 33% increase on the previous year. Some unlucky data centers are experiencing over 100 attacks a month.
Most of the attacks result from familiar vectors. There are still far too many open DNS resolvers on the Internet. Open DNS resolvers are a problem because they allow attackers to make requests with spoofed IPs that return volumes of data far larger than that of the original request, amplifying the capabilities of attackers who would otherwise have difficulty generating enough bandwidth to make a dent in their targets.
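For operators auditing their own resolvers, the following added example (not from the Arbor report or the original post) parses a DNS query and reply pair captured from outside the resolver's client networks, reports whether the server recursed for that client, and gives the reply-to-query size ratio. The function names are hypothetical and both replies are constructed sample data.

```python
import struct

# DNS header flag masks (RFC 1035): QR = response, RA = recursion available.
QR, RA, RCODE_MASK = 0x8000, 0x0080, 0x000F

def build_query(name, txid=0x1234):
    """Minimal A-record query with the 'recursion desired' bit set."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!2H", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Decode the fixed 12-byte DNS header fields this check needs."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "ra": bool(flags & RA),
            "rcode": flags & RCODE_MASK, "ancount": ancount}

def assess(query, response):
    """Did the server recurse for this client, and how much larger was the reply?"""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        raise ValueError("response does not match query")
    recursed = r["ra"] and r["rcode"] == 0 and r["ancount"] > 0
    # Ratio of DNS payload sizes only; IP/UDP headers are not counted.
    return {"open_recursion": recursed,
            "amplification": round(len(response) / len(query), 1)}

# --- constructed sample data (not captured traffic) ---
QUERY = build_query("example.com")
# One A record: compressed name pointer, TYPE=A, CLASS=IN, TTL=300, 4-byte address
_ANSWER = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
# flags 0x8180: QR + RD + RA, RCODE 0, four answers
OPEN_REPLY = struct.pack("!6H", 0x1234, 0x8180, 1, 4, 0, 0) + QUERY[12:] + _ANSWER * 4
# flags 0x8105: QR + RD, RA clear, RCODE 5 (REFUSED), no answers
REFUSED_REPLY = struct.pack("!6H", 0x1234, 0x8105, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(assess(QUERY, OPEN_REPLY))
    print(assess(QUERY, REFUSED_REPLY))
```

A resolver that restricts recursion to its own clients should produce the second result for outside queries: no answers and a reply no larger than the request.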
Volumetric attacks are growing in severity, with several respondents reporting attacks of over 100 Gbps. The largest attack measured 309 Gbps, which is a tripling of the volume of last year’s largest attack.
Attacks that rely entirely on volume aren’t the only tool in the modern online criminal’s kit. Layer 7 attacks are also becoming increasingly common. These attacks focus on the application layer, often simulating real user-agents like browsers. They do not require amplification to generate large amounts of data because they rely on excessive connections to services like web sites and authentication servers, rather than overloading the network level with massive bandwidth spikes.
Layer 7 attacks are pernicious because they’re difficult to mitigate. It can be challenging in the extreme to determine at the network level which requests to an application are genuine and which are the result of simulated users running on botnets. Most data centers are well equipped with firewalls and intrusion detection systems, but application level attacks are designed specifically to circumvent those measures.
24% of organizations were victims of application layer attacks during the reporting period, with over 80% of those reporting that attacks were focused on HTTP. Half had experienced attacks against HTTPS services, which is a 17% increase on last year and a doubling over the last two years.
Clearly, data center providers have their work cut out for them. As mitigation efforts against volumetric attacks are increasingly successful and the availability of amplification attack vectors like open DNS resolvers wanes (which might be wishful thinking), we can expect to see an increase in attacks that focus on the application layer.
What tools and strategies are you using to mitigate DDoS attacks? Let us know in the comments!