ISPs: Botnets And DoS Attacks Top List of Fears - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

ISPs: Botnets And DoS Attacks Top List of Fears

The top security concerns of Internet service providers are botnets and professional-level distributed denial-of-service attacks, according to a survey of 70 ISPs.

Botnets and distributed denial-of-service attacks are the biggest security concerns for Internet service providers, according to a new study.

Arbor Networks, a network security company, and the University of Michigan released the results of the third annual Worldwide Infrastructure Security Report this week. After surveying 70 ISPs on the security issues facing Internet backbone operators, the team reported that 73% of Tier One and Tier Two ISPs and cable operators think they're doing a good job battling the bad guys.

However, the battles keep changing.

This year, the ISPs report that their top security concern is dealing with the growing number of botnets that are buffeting the Internet with spam, phishing attacks, and denial-of-service (DoS) attacks. And the ISPs aren't allow in their fears. According to the FBI, because of their widely distributed capabilities, the government considers botnets a growing threat to national security, the national information infrastructure, and the economy.

The foundation of a botnet is built when hackers and malware writers conspire to infect computers around the world with viruses and Trojans that allow them to remotely control the victim machines. Then they amass thousands or hundreds of thousands of these zombie computers, creating great armies -- or botnets -- of them. Most of the owners of the zombie machines don't even know they have been infected or that their machines are being controlled by someone else.

The problem seen as the second biggest operational threat is the distributed denial-of-service attacks that these botnets are increasingly launching. These attacks were at the top of ISPs' concern list last year.

The ISPs noted in the survey that the big DDoS attacks appear to have gone pro. Arbor's analysts noted that while mid-level DDoS attacks have plagued the Internet since 2000, survey respondents said they've seen a widening gap between common mid-level "amateur" attacks and multi-gigabit "professional" efforts involving tens of thousands of zombie hosts.

This news comes out as the massive Storm worm botnet gains size and increasingly launches DoS attacks. Researchers' estimates as to the size of the botnet vary wildly, ranging from 1 or 2 million up to as many as 50 million. Whatever the exact size, security professionals say the botnet herders are in a position to launch highly damaging attacks because the botnet is so large and dispersed.

Adam Swidler, a senior manager with security company Postini, said in an earlier interview with InformationWeek that if the Storm worm bosses focused a denial-of-service attack on a company, Internet service provider, or government agency inside the United States, it could do a great deal of damage. "I think there's no question they could damage any single company, whether through a DoS attack or a spam barrage," he said.

Danny McPherson, Arbor Networks chief research officer, said in a statement that this is not the time for ISPs to become overly confident about their defenses. "One thing we know about cyber criminals is that they adapt and look for weaknesses," he said. "When it comes to network security, complacency should never be part of the equation."

The study also showed that only 20% of ISPs surveyed currently have specific tools or mechanisms to monitor and detect threats against voice over IP services. This, according to Arbor, points to a vulnerability that service providers need to address in the coming months.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll