ISPs: Botnets And DoS Attacks Top List of Fears - InformationWeek
Software // Enterprise Applications
09:36 AM

ISPs: Botnets And DoS Attacks Top List of Fears

The top security concerns of Internet service providers are botnets and professional-level distributed denial-of-service attacks, according to a survey of 70 ISPs.

Botnets and distributed denial-of-service attacks are the biggest security concerns for Internet service providers, according to a new study.

Arbor Networks, a network security company, and the University of Michigan released the results of the third annual Worldwide Infrastructure Security Report this week. After surveying 70 ISPs on the security issues facing Internet backbone operators, the team reported that 73% of Tier One and Tier Two ISPs and cable operators think they're doing a good job battling the bad guys.

However, the battles keep changing.

This year, the ISPs report that their top security concern is dealing with the growing number of botnets that are buffeting the Internet with spam, phishing attacks, and denial-of-service (DoS) attacks. And the ISPs aren't allow in their fears. According to the FBI, because of their widely distributed capabilities, the government considers botnets a growing threat to national security, the national information infrastructure, and the economy.

The foundation of a botnet is built when hackers and malware writers conspire to infect computers around the world with viruses and Trojans that allow them to remotely control the victim machines. Then they amass thousands or hundreds of thousands of these zombie computers, creating great armies -- or botnets -- of them. Most of the owners of the zombie machines don't even know they have been infected or that their machines are being controlled by someone else.

The problem seen as the second biggest operational threat is the distributed denial-of-service attacks that these botnets are increasingly launching. These attacks were at the top of ISPs' concern list last year.

The ISPs noted in the survey that the big DDoS attacks appear to have gone pro. Arbor's analysts noted that while mid-level DDoS attacks have plagued the Internet since 2000, survey respondents said they've seen a widening gap between common mid-level "amateur" attacks and multi-gigabit "professional" efforts involving tens of thousands of zombie hosts.

This news comes out as the massive Storm worm botnet gains size and increasingly launches DoS attacks. Researchers' estimates as to the size of the botnet vary wildly, ranging from 1 or 2 million up to as many as 50 million. Whatever the exact size, security professionals say the botnet herders are in a position to launch highly damaging attacks because the botnet is so large and dispersed.

Adam Swidler, a senior manager with security company Postini, said in an earlier interview with InformationWeek that if the Storm worm bosses focused a denial-of-service attack on a company, Internet service provider, or government agency inside the United States, it could do a great deal of damage. "I think there's no question they could damage any single company, whether through a DoS attack or a spam barrage," he said.

Danny McPherson, Arbor Networks chief research officer, said in a statement that this is not the time for ISPs to become overly confident about their defenses. "One thing we know about cyber criminals is that they adapt and look for weaknesses," he said. "When it comes to network security, complacency should never be part of the equation."

The study also showed that only 20% of ISPs surveyed currently have specific tools or mechanisms to monitor and detect threats against voice over IP services. This, according to Arbor, points to a vulnerability that service providers need to address in the coming months.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
[Interop ITX 2017] State Of DevOps Report
[Interop ITX 2017] State Of DevOps Report
The DevOps movement brings application development and infrastructure operations together to increase efficiency and deploy applications more quickly. But embracing DevOps means making significant cultural, organizational, and technological changes. This research report will examine how and why IT organizations are adopting DevOps methodologies, the effects on their staff and processes, and the tools they are utilizing for the best results.
Register for InformationWeek Newsletters
White Papers
Current Issue
Digital Transformation Myths & Truths
Transformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll