Internet security – Chinese military defence hackers; increasing DDOS attacks

Internet security is a major concern addressed in these articles from Forbes and Dark Reading. Forbes addresses the problem of cyberspies hacking into the networks of private companies, especially major US defence contractors, with China fingered as the most likely perpetrator. This is rarely, if ever, publicly discussed for several reasons, one being “‘reporting an event like this would kill your stock price,’ says a source close to the military contractor industry who asked not to be named.”

Meanwhile, Dark Reading reports that “increasingly-intense distributed denial-of-service (DDOS) attacks on ISP backbones are surpassing providers’ capacity and knocking customers offline, according to a new survey of service providers by Arbor Networks.”

Dark Reading goes on to say, “While most large ISPs have upgraded their backbones to 10-Gbit/s speeds over the past two years, three respondents said they have experienced sustained attacks from 20- to 22 Gbit/s, and one hosting services provider in the survey reported a 24-Gbit/s DNS-targeted attack. The most powerful sustained attack previously was 17 Gbit/s, which was reported in last year’s survey by Arbor.” The article also quotes Danny McPherson, chief research officer for Arbor Networks, saying, “Most enterprises have a less than 1-Gbit/s connection to the Internet, so this would overwhelm them.” The final paragraph says, “There are a couple of vulnerable hotspots on service provider backbones: More than half said they had no way to detect or mitigate DNS attacks, and nearly 90 percent don’t have the ability to protect VOIP.”

Meanwhile, in Forbes, “‘There’s been a massive, broad and successful series of attacks targeting the private sector,’ says Alan Paller, director of the SANS Institute, a Bethesda, Md.-based organization that hosts a response center for companies with cybersecurity crises. ‘No one will talk about it, but companies are creating a frenzy trying to stop it.’”

To read the Forbes article, Cyberspies Target Silent Victims, see www.forbes.com/technology/2007/09/11/cyberspies-raytheon-lockheed-tech-cx_ag_0911cyberspies.html while the Dark Reading article is available from www.darkreading.com/document.asp?doc_id=133973

The Arbor security report news release is below:

Arbor’s Worldwide Infrastructure Security Report Highlights Growing Threats to ISPs

VoIP Vulnerabilities and Rise of Managed Services Also Highlighted in Report

Arbor Networks, a leading provider of network security and operational performance for global business networks, released its third-annual Worldwide Infrastructure Security Report today in cooperation with the network security and operations communities. For the first time, botnets surpassed distributed denial of service attacks as the top threat identified by service providers.

Arbor Networks has long-standing customer relationships with more than 70% of the global service provider community, which enabled the company to gather input from 70 self-classified tier-1, tier-2 and hybrid IP network operators in North America, Europe and Asia for this year’s report. Based on a 12-month period from July 2006 through June 2007, the results of the survey are designed to provide practical data to network operators so that they can make informed decisions about the use of network security technology to protect their mission-critical infrastructure.

Key findings from the report include:

Bots Overtake DDoS as Chief Security Concern
Unlike Arbor’s previous editions of the survey, bots and botnets are now considered the most significant operational threat by ISPs, with distributed denial of service (DDoS) attacks coming in a close second. This year, a much larger percentage of the respondent pool believed bots and botnets to be a larger threat than DDoS attacks, perhaps providing some indication that botnet activity – beyond just that of DDoS – is more frequently impacting network security operations.

DDoS Attacks Going Pro
While mid-level DDoS attacks have plagued the Internet since 2000, survey respondents report a widening gap between common mid-level “amateur” attacks and multi-gigabit “professional” efforts involving tens of thousands of zombie hosts. Most surveyed ISPs reported significant improvements in the sophistication and coordination of DDoS attacks.

Attacks Outpace ISP Network Growth
During the last two years, most top-tier service providers completed significant investments in backbone infrastructure – upgrading links from OC12/48 (2 gigabits per second; Gbps) to OC192 (10 Gbps). However, surveyed ISPs reported sustained attack rates exceeding 24 Gbps – more than double the size of these recently upgraded links. Given that most individual core Internet backbone links today are no larger than 10 Gbps, most of the larger attacks today still inflict collateral damage on infrastructure upstream from the targets themselves.

VoIP is Vulnerable
Only 20 percent of ISPs surveyed currently have specific tools or mechanisms to monitor and detect threats against VoIP. This finding points to a vulnerability that service providers must address in the coming months.

Rise of Managed Security Services
As more mission-critical services are being converged onto IP-based networks, the demands on service providers to provide “clean pipe” services are escalating. This year’s survey found a significant increase in the number of service providers offering managed DDoS detection and mitigation services. More than one third of surveyed providers reported offering DDoS managed security services; another one third indicated they plan to roll out such services in the next 24 months to better protect the networks of enterprise customers.

Conclusions
“Given that over half of the surveyed ISPs believe that they can effectively mitigate most Internet attacks against their backbone infrastructure and customers, many ISPs now believe they are ahead of the curve,” said Danny McPherson, Arbor Networks chief research officer. “But all of this ISP optimism about infrastructure security should be tempered by the survey data on emerging critical infrastructure. Over half of surveyed providers said they had no means to either detect or mitigate attacks against DNS, and close to 90 percent have no means to protect critical VoIP infrastructure. One thing we know about cyber criminals is that they adapt and look for weaknesses. When it comes to network security, complacency should never be part of the equation.”

This news release is available at arbornetworks.com/en/news-releases/arbor-s-worldwide-infrastructure-security-report-highlights-growing-threats-to-2.html
