"For the most part, if you read the press you don't hear about DoS as much, so people jump to the conclusion that it's not happening. But it's still out there," said the researcher. "The attacks may only be targeted at a small group of sites, but that can also help to increase the significance of the impact to the provider involved based on the more narrow focus."
Despite the lingering threat of DoS, ISPs have become better equipped at warding off the attacks and protecting their customers, and often times have begun charging for premium services to address the issue, according to Arbor.
As opposed to five years ago, when infrastructure players often had to scramble to respond to DoS campaigns as they emerged, Labowitz said most sizable companies now have appropriate procedures and equipment to at least partially deflect the assaults.
"Even though 90 percent of the attacks are a soft threat at this point, some of those remaining attacks are bigger than anyone can handle easily -- even some of the big guys," said Labowitz.
Arbor predicts attacks on Internet telephony services will represent one of the next immediate pain points for infrastructure players. Only 20 percent of the companies surveyed for the report said they had any gear in place to detect VoIP threats. Only 11 percent reported that they had any plans or tools in place to mitigate VoIP-based attacks.
"We haven't seen many of these threats yet, but we know the proof-of-concepts are out there," said Labowitz. "With the amount of VoIP infrastructure that is being deployed, the ISPs and telephony providers will need to ensure that they have something in place to protect those networks from attack."