2017 promises to be the most challenging year yet for information security professionals. The security community will need to defend users and organizations against a host of new digital threats. In preparation for the year ahead, infosec experts should take a moment to reflect on the operational hurdles confronting them and the strategies they can use to overcome those obstacles.

Arbor Networks, a developer of network security and network performance software, thinks this is a good idea. That explains why the company published its 12th annual Worldwide Infrastructure Security Report (WISR). The study offers insights provided by 356 professionals from tier 1 and tier 2/3 service providers, as well as hosting, mobile, enterprise and other types of network operators located around the world. Two-thirds of those participants identified as security, network, or operations personnel. Their answers cover November 2015 through October 2016.

Each iteration of WISR highlights a range of security-related issues, including threat detection and incident response. Even so, these topics all operate in the shadow of the report’s perennial headliner: distributed denial-of-service (DDoS) attacks. It’s not hard to understand why. We saw a lot of DDoS campaigns in 2016. Some of the offensives, most notably the attack against Dyn, changed the way we perceive other aspects of security. It’s therefore only logical to take a closer look at this threat on an annual basis.

In line with this viewpoint, Arbor Networks analyzed the evolving DDoS threat landscape in this year’s study and arrived at three important findings: first, Internet of Things (IoT) botnets are fueling a rise in DDoS attacks; second, attacks are having a greater impact on target organizations; and third, companies are seeking to strengthen their anti-DDoS posture.

Ramping Up DDoS Attacks with IoT Botnets

IoT botnets, such as those assembled by Mirai and other malware families, have helped create a new generation of powerful DDoS attacks. To illustrate, Arbor Networks detected a campaign whose attack traffic peaked at 800 Gbps – about 60 percent larger than the peak attack size detected in 2015. Overall, DDoS attacks have increased 7,900 percent in size since 2005.

Infected IoT devices aren’t the only contributor behind larger DDoS attacks, either. Bad actors are also increasingly using reflection amplification to multiply the size of attack traffic hundreds of times. Those techniques come with the bonus of hiding the original attack source.

At the same time, organizations are seeing attack campaigns that are more frequent and complex in nature. For instance, more than half (53 percent) of respondents to the WISR reported seeing 21 DDoS attacks against their organization per month. That’s up from 44 percent a year earlier. Many of those attacks leveraged multiple vectors as a tactic to stress an organization’s network defenses. Indeed, 67 percent of security professionals told Arbor Networks they saw those kinds of complex attacks in 2016.

DDoS Campaigns and Their Increasing Impact

Given the growing sophistication, size, and frequency of DDoS attacks, it’s no wonder Arbor Networks’ report found that these campaigns are causing a wider range of consequences. Dyn is by far the most immediate example of this trend. Even so, other organizations have also reported costs the likes of which we’ve never seen before.

Here’s a small taste:

  • More than half (61 percent) of data center/cloud providers reported attacks that fully saturated data center bandwidth.
  • Approximately a quarter of that same group of respondents said the cost of an attack exceeded 100,000 USD. Five percent noted costs that surpassed one million USD.
  • Close to half (41 percent) of enterprise, government, and education (EGE) respondents told Arbor Networks that at least one DDoS attack exceeded their total internet capacity. Those types of attacks resulted in downtime costs above $500/minute.

Taking a Stand against the DDoS Threat

Organizations and SaaS providers finally realize that DDoS attacks won’t be going away anytime soon. For that reason, customers are demanding that infrastructure security solutions come with DDoS protection capabilities. Many SaaS providers have heard and fulfilled those requests.

Consequently, 83 percent of service providers are now using intelligent DDoS mitigation solutions (IDMS); almost as many employ IDMS to mitigate IPv6 attacks. Additionally, 57 percent of those organizations carry out defense simulations. That’s about the same number as those EGE respondents that regularly conduct tests (55 percent).


DDoS attacks are a persistent force in the digital threat landscape. Organizations should recognize this fact and make sure they have protection technologies in place for 2017. If they already have such measures in place, they should conduct attack simulations on a regular basis.

Even so, DDoS campaigns are just one of many threats facing organizations in the new year. There are plenty of other challenges confronting enterprises going forward. To gain a comprehensive view of those obstacles, please download Arbor Networks’ report here.