Heated discussions surrounding cybersecurity have been put near the front of political agendas in recent months as stakeholders evaluate the digital safety of the nation’s critical infrastructure. Enterprises have also had to contend with a growing variety and volume of threats with the proliferation of crimeware kits and rentable botnets. Data Center Knowledge Contributor Bill Kleyman pointed out that the widespread adoption of cloud technology likely means that service providers will soon become a popular target.
One of the emerging trends in the cybersecurity world is the growing sophistication of distributed-denial-of-service attacks. DDoS attacks have been in the news for causing widespread disruption in the U.S. financial sector over the past year. As NBC News pointed out, the threat became severe enough in September 2012 that the Financial Services Information Sharing and Analysis Center raised its alert level from “elevated” to “high.” In addition, at least three large banks were plagued by website performance issues or outages. What is more concerning than the attacks is their escalation when compared to typical DDoS threats. Analysts from Arbor Networks noted that this particular wave of attacks achieved 60 Gbps bandwidth usage, compared with the one to four Gbps of more common DDoS traffic.
These attacks are unique in scale, but may signal future attacks that are equally disruptive. Kleyman also pointed out that DDoS threats often come with the secondary motive of installing malware designed to steal data. Particularly as cloud hardware houses a growing volume of sensitive information, he stressed that data center operators will need to take measures to guard against DDoS campaigns.
“Fueled by innovations like do-it-yourself botnet construction kits and rent-a-botnet business models, the growth of botnets has skyrocketed and botnet products and services are now brazenly advertised and sold on the Internet,” Kleyman wrote. “As many as one quarter of all personal computers may now be participating in a botnet, unknown to their owners.”
Looking inside a botnet
In its analysis of the Anatomy of a Botnet, Arbor Networks yielded some insights as to the motivations and structure behind some of these threats. Just as businesses have benefited from rapidly advancing technology, cybercriminals have been able to leverage more powerful tools. A trend analysis found that DDoS attacks have grown significantly in size and frequency over the past couple years. For example, the largest recorded size in 2009 was just under 50 Gbps, but that number increased to 100 Gbps in 2010.
The report also looked at some of the more prolific botnets, including Mariposa, which once had 12 million machines under its control. Often times, users are unaware that their computers are being used for such purposes. Researchers emphasized the importance of using a variety of tools for identifying cyberthreats, as traditional solutions are not always effective when used alone. For example, the Arbor Security Engineering and Response Team (ASERT) uses network behavior analysis in concert with antivirus software to identify abnormal activity and potential malware risks. In some cases, the company’s network analysis will reveal the existence of malware before traditional security solutions can detect a new strain.
“Because no single entity can analyze and gain expertise in all types of malware or threats, each of these security organizations typically specializes in a specific type of threat,” the report stated. “For example, ASERT specializes in the analysis of botnets and DDoS attacks and relies on other expert organizations in the security community for information regarding other types of threats.”
As the cloud’s momentum continues, the infrastructure that provides these services will need to be protected. Just as security companies such has Arbor networks have realized the need for collaboration, similarly open discussions among cloud storage companies may be able to mitigate the risk of outages or data leaks.