According to the fourth Worldwide Infrastructure Security Report from Arbor Networks, published today, malicious attacks on networks are continuing to rise at an alarming rate. While that is no great surprise, the fact that during 2008 Distributed Denial of Service attacks have peaked at 40 Gbps most certainly is.

Arbor's fourth annual Worldwide Infrastructure Security Report includes responses from nearly 70 IP network operators in North America, South America, Europe and Asia. It has revealed that during the last couple of years the largest sustained DDoS attacks were 24 Gbps and 17 Gbps, and according to Arbor Networks this represents a 67 percent increase in attack scale over 2007 and nearly two and a half times the largest attack reported in 2006. If you want really impressive numbers, it is a 100-fold increase since 2001.

Even at the lower end of the sustained attack scale, some 36 percent of survey respondents have reported observing them larger than 1 Gbps during 2008. That in itself is double the previous years figures. And, of course, a 1 Gbps sustained DDoS attack is damaging enough.

Danny McPherson, chief security officer for Arbor Networks told us "The growth in attack size continues to significantly outpace the corresponding increase in underlying transmission speed and infrastructure investment. While most ISPs now have the infrastructure to detect bandwidth flood attacks, we found that many still lack the ability to quickly mitigate these attacks; only a small percentage of the providers we surveyed said they have the capability to mitigate DDoS attacks in 10 minutes or less."

And even less have the kind of infrastructure needed to be able to satisfactorily defend against a 40 gigabit flooding attack!

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.