Cloud services coming under increasing DDoS attack

News James Stirling Jan 29, 2013

New report sheds light on cyber criminals targeting cloud-based infrastructure

Cloud services and data centres are coming under increasing attacks from hackers and defending such infrastructure against the bad guys remains an uphill struggle.

DDoS threats are changing from clumsy battering rams into sophisticated, long-lived, multi-vector attacks, according to the eighth Worldwide Infrastructure Security Report by IT security firm Arbor Networks.

Nearly half of research respondents experienced DDoS attacks targeted at their data centres during the survey period.What's more, some 94 per cent of these respondents reported seeing DDoS attacks regularly.

As more companies move their services to the cloud, they now have to be wary of the shared risks and the potential for collateral damage, according to Arbor Networks.

Its research found that e-commerce and online gaming sites were the most common targets and warned that sharing data centres with such organisations brought some risk.

The top three motivations for DDoS attacks are political, gaming and vandalism, accoridng to Arbor Networks.

More than three-quarters of survey participants experienced DDoS attacks directed at their customers within the survey period. Over half reported seeing DDoS attacks against internet services (DNS, email, etc.) and network infrastructure, which is up on the same period a year previously.

Just under half of all respondents saw actual infrastructure outages due to DDoS. This, the report said, illustrated the threat DDoS attacks pose to internet service availability and demonstrates the disparity in defence capabilities that internet operators have available.

The second highest threat experienced in the last 12 months was outage due to failure or misconfiguration.

“This has been consistently experienced by 60 per cent of survey respondents for the last three years, indicating that this problem does not appear to be going away or improving substantially,” the firm said.

But the report found that just 53 per cent of organisations referred any such attacks to law enforcement agents. The most common excuses for not reporting such attacks included a lack of resources and time, low confidence in law enforcement investigative efficency and corporate policies.