DDoS attacks against customers remain the number one operational threat to service providers, although attacks against infrastructure continue to grow in prominence, according to Arbor Networks’ 10th annual Worldwide Infrastructure Security Report, released earlier this year. Let’s examine why.
At the beginning of 2014 we saw a dramatic increase in DDoS attack activity with possibly the most concentrated storm of large attacks that has ever been seen on the Internet. The majority of these attacks leveraged a reflection amplification technique using the Network Time Protocol (NTP), Simple Service Discovery Protocol (SSDP) and DNS servers, with large numbers of significant attacks being detected all around the world.
Reflection amplification is a technique that allows an attacker both to magnify the amount of traffic they can generate and to obfuscate the original sources of that attack traffic. This technique relies on two unfortunate realities: firstly, around half of service providers do not implement filters at the edge of their network to block traffic with a ‘forged’ (spoofed) source IP address; secondly, there are plenty of poorly configured and poorly protected devices on the Internet providing UDP services that offer an amplification factor between a query sent to them and the response that is generated.
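Seen from the receiving network, reflected traffic is a stream of UDP replies from NTP, SSDP or DNS ports that answer no query the target ever sent. The following sketch is an added example, not taken from the report or from any Arbor product: it applies that check to flow records, and the tuple layout, the thresholds and the sample flows are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Well-known UDP ports of the reflector services named in the article.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP"}

def find_reflection_targets(flows, min_bytes=100_000, min_sources=3):
    """Report hosts receiving reflector-port UDP replies they never requested.

    flows: (src_ip, src_port, dst_ip, dst_port, proto, byte_count) tuples.
    Thresholds are illustrative assumptions, not values from the article.
    """
    flows = list(flows)
    # Pass 1: record every query genuinely sent to a reflector-type service.
    queried = {(s, sp, d, dp) for s, sp, d, dp, proto, _ in flows
               if proto == "udp" and dp in REFLECTOR_PORTS}
    # Pass 2: total the replies that answer no recorded query.
    stats = defaultdict(lambda: {"bytes": 0, "sources": set()})
    for s, sp, d, dp, proto, nbytes in flows:
        if proto != "udp" or sp not in REFLECTOR_PORTS:
            continue
        if (d, dp, s, sp) in queried:
            continue  # solicited reply: the destination asked for it
        stats[(d, sp)]["bytes"] += nbytes
        stats[(d, sp)]["sources"].add(s)
    # A spoofed-query flood shows up as many reflectors hitting one host.
    return sorted(
        ({"victim": v, "service": REFLECTOR_PORTS[p],
          "bytes": e["bytes"], "sources": len(e["sources"])}
         for (v, p), e in stats.items()
         if e["bytes"] >= min_bytes and len(e["sources"]) >= min_sources),
        key=lambda a: -a["bytes"])

# Constructed sample flows (documentation address ranges, not real traffic).
SAMPLE_FLOWS = [
    # A normal NTP exchange: query out, reply back.
    ("203.0.113.20", 40000, "192.0.2.1", 123, "udp", 76),
    ("192.0.2.1", 123, "203.0.113.20", 40000, "udp", 76),
    # One stray DNS reply: unsolicited, but far below the thresholds.
    ("192.0.2.53", 53, "203.0.113.30", 5353, "udp", 512),
] + [
    # Four NTP servers sending large replies the target never requested.
    (f"198.51.100.{i}", 123, "203.0.113.10", 80, "udp", 48_000)
    for i in range(1, 5)
]

if __name__ == "__main__":
    for alert in find_reflection_targets(SAMPLE_FLOWS):
        print(alert)
```

Because the reflectors are genuine servers, the source addresses in these flows are real; the spoofing happened one hop earlier, which is why only edge filtering at the originating network removes the attack at its source.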
Just how dramatic has the increase in DDoS attack size been? Globally, DDoS attack size has grown 4,900 percent in the past 10 years. The Middle East region follows the global trend in both attack size and the use of various reflection amplification techniques.
Mid-East DDoS Attack Overview
Very few enterprises can withstand DDoS attacks of this size. In turn, they are increasingly looking to their service providers for DDoS mitigation support. This has led service providers to invest in and launch DDoS mitigation services. Etisalat, STC, Ooredoo, Fasttelco and Omantel are but a few examples of regional providers who have recently launched a DDoS mitigation service for their enterprise customers.
With attacks approaching 100Gbps in the region, and 400Gbps globally, DDoS also poses a significant operational threat to the availability and performance of service provider networks. This unwanted, malicious traffic takes up bandwidth meant to carry legitimate IP-based services to customers. It can impact both the quality and availability of these services. It is in the provider’s interest to mitigate this traffic and free up bandwidth for legitimate, revenue-generating services.
The bottom line is that DDoS has remained a resilient attack method for more than a decade. With the recent explosion in DDoS attack size, it presents a significant operational threat to enterprise networks that rely on Internet connectivity for revenue generation, as well as back office applications that the business relies on, such as email, sales force automation, CRM and others. For service providers, DDoS represents both a challenge, and an opportunity.
The challenge is mitigating these attacks so they can deliver the high-quality, revenue-generating services their customers rely on. The opportunity is to meet a clear need of their customers by delivering DDoS mitigation services.
Mahmoud Samy is regional director, High Growth Markets (Russia, CIS and Middle East) at Arbor Networks.