Improving Technical Security 22 February 2013

A Glimpse into the State of Internet Security

By Andrei Robachevsky, Former Senior Director, Technology Programmes

I just finished reading a recently published “Worldwide Infrastructure Security Report” by Arbor Networks. It is the eighth one in the series of annual reports produced by the company.

Much of the report is based on a survey of 130 respondents from a mixture of Tier 1, Tier 2/3, enterprise, and other types of network operators from all around the world. The survey shows some interesting trends, including the growing threat to and from the mobile world. While connection speeds are increasing sharply, especially with the advance of LTE, and new vulnerabilities are being discovered on handheld devices, many mobile providers lag behind and continue to be reactive.

Another visible change is a concern about the “advanced persistent threat” (APT), absent in the previous report. For those not familiar with the term, it represents “well-funded, organized groups of attackers, able to mount sophisticated attacks” as Mandiant describes them. They penetrate the victim’s infrastructure, remain there undetected for a long period of time stealing data, and vanish while leaving the back door open to come back later. They are not “hackers.”

While DDoS attacks continue to represent the most visible threat, their motivation, target, and impact are different from APT. According to the report the top three most commonly perceived motivations for DDoS attacks are political/ideological, online gaming, and vandalism/nihilism infrastructure. In contrast, the main objective of APT is espionage, motivated by political or commercial interests.

More than a quarter of Arbor’s respondents are concerned about APT, but it is not clear what they plan to do about that. With APT, conventional information security defenses don’t work. Detection, mitigation, and even cleanup of such attacks require different methods and strategy. And one should not forget about USB sticks and BYOD. It seems this may require a cultural change towards information security within a company.

There are also some trends measured by Arbor’s ATLAS system. One of them is ATLAS Average Monitored Attack Sizes Month-By-Month.

The trend is clear and not surprising – a 55% increase over 20 months. This is an unfortunate trend, but let’s not forget that the Internet is growing, too.

Picture: ATLAS Average Monitored Attack Sizes Month-By-Month (January 2009-Present), source: Arbor Networks, Inc.

Interestingly, over the same period, the average speed of connections, according to Akamai’s State of the Internet Report, increased by 40-50% depending on the region. And the number of broadband subscriptions, according to ITU statistics, has also grown, ranging from a moderate 5-8% in Western Europe and North America to over 30% in Russia and China, for example.

Does the Internet outgrow the DDoS threat? I don’t think the numbers give an answer to that question; they are averages and in some way we are comparing apples and oranges. But the growth of the Internet is probably something we need to relate to when we look at the numbers in security reports.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
