Mobile operators have seen an increase in both DDoS attacks and attacks on their mobile infrastructure or users in the past year, driven in part by the proliferation of Internet of Things botnets, according to new data from Arbor Networks.
According to the “12th Annual Worldwide Infrastructure Security Report (WISR),” 74 percent of mobile operators surveyed reported the occurrence of attacks targeting their mobile infrastructure or users in 2016, up from 68 percent in 2015. The report indicated 72 percent of mobile operators also reported attacks targeting the Gi/SGi interface, an increase from 59 percent the year prior.
Additionally, 53 percent of service providers indicated they’re seeing more than 21 DDoS attacks per month (up from 44 percent in 2015), including 26 percent of mobile operators reporting more than 20 DDoD attacks per month. Around 21 percent of mobile operators told Arbor Networks they saw DDoS attacks that came from mobile users, an increase of 6 percentage points from the year prior.
But the number of attacks isn’t the only thing growing – the size is also increasing.
The report noted the size of DDoS attacks has grown at a compound annual growth rate of 68 percent over the past five years, with 2016’s largest attack clocking in at 800 Gbps compared to 2015’s 500 Gbps topper.
Arbor Networks’ Chief Security Technologist Darren Anstee also pointed out the emergence and proliferation of a new threat: IoT botnets. Sue to inherent security vulnerabilities, Anstee noted attackers can easily weaponize these connected devices.
“The survey respondents have grown accustomed to a constantly evolving threat environment with steady increases in attack size and complexity over the past decade,” Anstee commented. “However, IoT botnets are a game changer because of the numbers involved. There are billions of these devices deployed, and they are being easily weaponized to launch massive attacks.”
To combat these risks, Arbor Networks noted service providers are increasingly using purpose-built DDoS protection solutions and security best practices. The result, the survey found, is that 77 percent of service providers reported being able to mitigate attacks in less than 20 minutes.
Arbor Networks’ WISR survey data was based on 356 responses from a mix of Tier 1, Tier 2, and Tier 3 service providers, hosting, mobile, enterprise, and other types of network operators from around the world. The data included in the report spans November 2015 through October 2016.