
Jail-broken iPhones compounding DDoS threat

by Phil Muncaster

01 Feb 2011


Last year saw a huge increase in distributed denial-of-service (DDoS) attacks, thanks in part to a proliferation of internet-connected devices vulnerable to infection, such as jail-broken iPhones, according to the latest annual survey from Arbor Networks.

The firm's sixth Network Infrastructure Security Report draws its findings from service providers, enterprises, DNS operators and other infrastructure players across the globe.

It revealed a return to pre-2009 DDoS levels, with a 102 per cent year-on-year increase in attack size, and attacks crossing the 100Gbit/s barrier for the first time.

To put this in perspective, typical transatlantic links operate at 10Gbit/s, so an attack of 100Gbit/s could saturate 10 of those links, according to Arbor product manager Paul Scanlon.

HTTP and DNS remain the top targets for attack, although HTTPS, SMTP and SIP/VoIP attacks are becoming more common, the report found.

"The threat volume and scope is increasing compared to the amount of defences in place," said Scanlon.

"Basically the threat-to-defence gap is widening. Sadly security is still often an afterthought, not included in the design or operational phase. Security teams feel like they're in a constant state of emergency."

Scanlon attributed the spike in DDoS activity, which interestingly was charted before the well-publicised Operation Payback attacks at the end of the year, to huge numbers of new users and devices coming online and being infected to become part of botnets.

"There are whole new populations of infected or infectable systems and new user groups," he said.

"For example we think there are about five per cent infection rates on iPads and seven per cent on iPhones so far."

Scanlon explained that the growing trend for jail-breaking devices is driving up these infection rates and helping to grow botnet numbers.

An explosion in user bases in emerging markets could also be to blame for the growth in DDoS attacks, although Scanlon warned that more users' PCs in Western countries are actually compromised and used in DDoS attacks.

The growth of mobile networks is also causing concern among Arbor's analysts. Some 55 per cent of mobile respondents suffered outages last year owing to security incidents, and over half admitted that they have limited visibility into their mobile network.

"The techniques being used to secure mobile networks are eight to 10 years behind wireline networks," Scanlon said.

The report also warned that the imminent move to IPv6 could cause security problems owing to a lack of transparency in the connections between IPv4 and the new protocol.

"If you can't see something it's really hard to secure," Scanlon explained. "People are struggling to see what happens on IPv6 networks and, as the two are intermingled, it gets harder."

Do you agree?
