By Channel Partners Staff

Denial-of-Service (DDoS) attacks that leveraged Internet of Things (IoT) devices were favored heavily by criminals in the last year. Meanwhile, executives took more notice of the cost and consequence of cybercrime in the enterprise and struggled with staffing issues that impacted their ability to mitigate threats according to NETSCOUT Arbor’s 13th Annual Worldwide Infrastructure Security Report (WISR).

“Attackers focused on complexity this year, leveraging weaponization of IoT devices while shifting away from reliance on massive attack volume to achieve their goals,” said Darren Anstee, NETSCOUT Arbor chief technology officer. “Attackers have been effective, and the proportion of enterprises experiencing revenue loss due to DDoS nearly doubled this year.”

The WISR survey data is based upon 390 responses from a mix of Tier 1, Tier 2 and Tier 3 service providers, hosting, mobile, enterprise and other types of network operators from around the world, and covers November 2016 through October 2017.

The highlight of the data focuses largely on the exploitation of IoT devices that lead to more complex DDoS attacks. The issue is reminiscent of the high-profile Mirai botnet attack in 2016, during which the malware involved would continuously scan the internet for the IP address of Internet of things (IoT) devices, such as security cameras and digital video recorders, and then “enslave” them for use in a widespread denial-of-service attacks on various web sites.

The WISR found 57 percent of enterprise and 45 percent of data-center operators saw their internet bandwidth saturated due to DDoS attacks. There were 7.5 million DDoS attacks in 2017, according to data from Arbor’s ATLAS infrastructure, which Arbor says covers approximately one-third of global internet traffic. Service-provider respondents experienced more volumetric attacks while enterprises reported a 30 percent increase in stealthy application-layer attacks.

“This year, we’ve seen increasing sophistication of IoT-based botnet attack capabilities. These modern botnets are capable of delivering sophisticated attacks that include application-layer, volumetric, and complex multi-vector DDoS attacks,” said Gary Sockrider, principal security technologist with Arbor Networks. “Easy-to-use DDoS for hire services have helped make more sophisticated multi-vector DDoS attacks increasingly common.”

The C-suite Takes Note

High-profile DDoS attacks have led to a better understanding of the threat at the executive level, according to Arbor officials. In 2017, 77 percent of enterprise organizations reported that DDoS was either a part of their business or their IT risk assessments. Arbor said this is a 70 percent increase from the previous year.

Another reason executives are getting involved — the consequences of a successful attack are rising. A majority of respondents cited reputation/brand damage as the main business impact and 56 percent saw a financial impact between $10,000 and $100,000, almost double the proportion from 2016, according to Arbor.

Staffing Issues Challenge Defense

The report points to ongoing issues with hiring, staffing and retention of skilled security talent, a problem felt by organizations around the globe. More than half of enterprise respondents (54 percent) said they have difficulty hiring and retaining skilled personnel.  As a result, more are relying on third-party and …

… outsourced services, with 38 percent of organizations noting that they look outside of their organization for security support.

Only 50 percent carried out defensive drills, and the proportion of respondents carrying out drills at least every quarter fell from 40 percent to 32 percent, according to the report.

“A consequence of staffing problems is that there is less time to conduct incident response training. Among service providers, the proportion that did not carry out defensive drills and had no plans to do so increased from 29 to 34 percent,” a summary of the report noted.

Automation Is the First Line of Defense

Pinched by staffing shortage, the report claims service providers have also increasingly turned to investment in technology that automates DDoS mitigation.  Among respondents, 88 percent of service providers use intelligent DDoS mitigation solutions as part of their strategy and 36 percent deploy technology that automates DDoS mitigation. Another 36 percent of service providers that responded said they have the ability to mitigate attacks using on-premises or always-on cloud services.