The eighth annual Worldwide Infrastructure Security Report from security provider Arbor Networks has revealed how cloud services and data centres are “increasingly victimised” by cyber attackers.
The report, which looked at a 12 month period ending September 2012, asked nearly 200 security-based questions to 130 respondents in the enterprise and network operator fields.
The key points of the research were:
- 94% of data centre operators reported security attacks
- 76% had suffered distributed denial of service (DDoS) attacks towards their customers, whilst just under half (43%) had partial or total infrastructure outages due to DDoS
- Yet only 14% of respondents had seen attacks targeting any form of cloud service
The result of this was that “complex multi-vector attacks” – combinations of attack vectors intending to hack away at a company’s defences – were on the rise, with big security breaches becoming less common. To exemplify this, advanced persistent threats (APTs) were cited by 55% of those surveyed as their top security concern.
The length of respondents’ attacks understandably varied, but some results were rather worrying – 6% of those surveyed said they had been victim of attacks which lasted longer than one month. What would you do if your business went down for an entire month?
Yet the results of this survey give further insight into the cloud security question.
“As more companies move their services to the cloud, they now have to be wary of the shared risks and the potential for collateral damage,” the report explains, adding: “With e-commerce and online gaming sites being the most common targets…sharing data centres with these organisations brings some risk.”
It seems like a reasonable conclusion – cloud services become very attractive propositions for DDoS attackers. Arbor isn’t the only company to have come to that conclusion either; Stratsec, in research published in October, summarised that some cloud providers are unable to block malicious attacks, leading to cyber hackers infiltrating systems in a botnet-styled attack.
The full report can be accessed here (requires registration). What should companies do in order to keep themselves fully secure in the cloud?