icon-1-darkicon-1-darkicon-1-lighticon-2-darkicon-2-lighticon-3-darkicon-3-lighticon-4-darkicon-4-lighticon-5-darkicon-5-lighticon-6-darkicon-6-lighticon-7-darkicon-7-lighticon-8-darkicon-8-lighticon-9-darkISOC-IconISOC-IconISOC-IconShapeISOC-IconISOC-IconISOC-IconPage 1icon-comma-darkicon-comma-lightFill 1ISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconShapeISOC-IconISOC-IconISOC-IconBLOCKSISOC-IconISOC-IconISOC-IconISOC-IconLISTISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconLEFTISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconShapeDOWN ARROWSEARCHISOC-IconISOC-IconISOC-IconISOC-IconISOC-IconISOC-Icon-Dark-RGBISOC-Society-logo
‹ Back
Improving Technical Security 22 February 2013

A Glimpse into the State of Internet Security

Andrei Robachevsky
By Andrei RobachevskySenior Director, Technology Programmes

I just finished reading a recently published “Worldwide Infrastructure Security Report” by Arbor Networks. It is the eighth one in the series of annual reports produced by the company.

Much of the report is based on a survey of 130 respondents from a mixture of Tier 1, Tier 2/3, enterprise, and other types of network operators from all around the world. The survey shows some interesting trends, including the growing threat to and from the mobile world. While the connection speeds are increasing sharply, especially with the advance of the LTE, and new vulnerabilities are discovered on handheld devices, many mobile providers lag behind, continuing to be reactive.

Another visible change is a concern about the “advanced persistent threat” (APT), absent in the previous report. For those not familiar with the term, it represents “well-funded, organized groups of attackers, able to mount sophisticated attacks” as Mandiant describes them. They penetrate the victim’s infrastructure, remain there undetected for a long period of time stealing data, and vanish while leaving the back door open to come back later. They are not “hackers.”

While DDoS attacks continue to represent the most visible threat, their motivation, target, and impact are different from APT. According to the report the top three most commonly perceived motivations for DDoS attacks are political/ideological, online gaming, and vandalism/nihilism infrastructure. In contrast, the main objective of APT is espionage, motivated by political or commercial interests.

More than a quarter of Arbor’s respondents are concerned about APT, but it is not clear what they plan to do about that. With APT, conventional information security defenses don’t work. Detection, mitigation, and even cleanup of such attacks require different methods and strategy. And one should not forget about USB sticks and BYOD. Seems it may require a cultural change towards information security in a company.

There are also some trends measured by the Arbor’s ATLAS system. One of them is ATLAS Average Monitored Attack Sizes Month-By-Month.

The trend is clear and not surprising – a 55% increase over 20 months. This is an unfortunate trend, but let’s not forget that the Internet is growing, too.

Picture: ATLAS Average Monitored Attack Sizes Month-By-Month (January 2009-Present), source: Arbor Networks, Inc.

Interestingly, over the same period, the average speed of connections, according to Akamai’s State of the Internet Report, increased by 40-50% depending on the region. And the number of broadband subscriptions, according to ITU statistics, has also grown by a moderate 5-8% in Western Europe and North America to over 30% in Russia and China, for example.

Does the Internet outgrow the DDoS threat? I don’t think the numbers give an answer to that question; they are averages and in some way we are comparing apples and oranges. But the growth of the Internet is probably something we need to relate to when we look at the numbers in security reports.

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

New Routing Security Survey Shows Incidents and their Impacts
New Routing Security Survey Shows Incidents and their Impacts
Improving Technical Security15 December 2014

New Routing Security Survey Shows Incidents and their Impacts

Routing security incidents happen - for many network operators probably at least once a month, and probably close to 5%...

ENISA Report On Secure Routing And Network Resiliency
Deploy36023 January 2013

ENISA Report On Secure Routing And Network Resiliency

What is the state of our routing infrastructure and what can be done to make it more secure and resilient?...

ISPs Should Strongly Consider MANRS to Fight Cybercrime: World Economic Forum Report
ISPs Should Strongly Consider MANRS to Fight Cybercrime: World Economic Forum Report
Strengthening the Internet23 January 2020

ISPs Should Strongly Consider MANRS to Fight Cybercrime: World Economic Forum Report

A World Economic Forum (WEF) report released today recommends that Internet Service Providers (ISPs) should strongly consider joining the Mutually...

Join the conversation with Internet Society members around the world