Carriers and ISPs fear rise in DDoS attacks in 2010

The number one problem facing carriers and their customers over the coming year will be botnet-driven distributed denial-of-service (DDoS) attacks, according to Arbor Networks' fifth annual security report.

Arbor surveyed 132 large IP network operators globally, and found that more than a third of respondents believe that sophisticated DDoS attacks against services and applications will be the biggest threat in 2010, replacing large-scale botnet-enabled attacks.

There was also a reported rise in the size of DDoS attacks to a high of 49Gbit/s, up from 40Gbit/s in 2007, although this was a slow down in growth compared to recent years.

James Clegg, regional director for northern Europe at Arbor, warned that, although the attacks have slowed down, they are becoming more intelligent.

"Because DDoS attacks are now targeted at specific areas of web sites rather than the entire site, the speed of the attacks has not increased as dramatically because the more defined nature of the attacks means that speed is not as important," he said.

Clegg also argued that the rise in cloud-based attacks shows that firms must be more aware of security measures given the open nature of cloud services.

"With applications on cloud services, any security breaches are visible for all to see so businesses can no longer attempt to cover up any hacks. We've seen attacks like this take on a political nature recently, such as on Twitter or the Estonian and Georgian attacks of 2007," he said.

The report also uncovered grave concerns about the move from IPv4 to IPv6. Many companies are worried that a "perfect storm" is arising because they are not ready for the move, and admit to a lack of testing and deployment experience that could lead to vulnerabilities.

Others complained of missing IPv6 security features in routers, firewalls and other critical network infrastructure.

The findings will be backed up by a warning from the Number Resource Organisation today that IPv4 addresses will be exhausted within two years.

Many firms also said that several non-technical obstacles, such as a lack of skilled resources, management understanding and clearly-defined operational responsibilities, are preventing them from better managing threats.