Computer Business Review

Gartner says 25% of DDoS attacks will be application based

Tineka Smith

16:56, February 21 2013

A report by Gartner predicts that the number of sophisticated attacks on e-commerce and financial industries will increase in 2013.

According to Gartner, during these incidents attackers will send out targeted commands to the memory of applications to make them unavailable.

"2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe and they will grow in sophistication and effectiveness in 2013," said Avivah Litan, vice president and analyst at Gartner.

The report reveals that a sophisticated class of DDoS attacks was deployed against US banks in 2012, making it impossible for bank customers and others to reach the banks' websites.

"A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organised criminal activity takes advantage of weakness in people, processes and systems."

Gartner predicts that high-bandwidth DDoS attacks will become the new norm and target unprepared enterprises in 2013.

The firm says that enterprises need to bolster their network configurations.

"To combat this risk, enterprises need to revisit their network configurations, and re-architect them to minimize the damage that can be done," said Litan. "Organizations that have a critical Web presence and cannot afford relatively lengthy disruptions in online service should employ a layered approach that combines multiple DOS defences."

Cyber criminals have taken attacks to a whole new level, with several fraud scams involving criminals approaching people in person, posing as law enforcement or bank employees, to help them through 'account migration.' Victims who fell for the scams then had their bank accounts compromised.

Gartner suggests that bolstering fraud prevention and identity-proofing security will help stop social engineering attacks from growing. Prevention systems that provide user or account behavioural profiling will also be useful.

Businesses should also educate their customers on best security practices to help them avoid phishing attacks and social engineering ploys.

"Enterprises are just beginning to open their eyes to the threats posed by DDoS attacks, as hackers take advantage of shortfalls in security wherever they find them," said Arbor's EMEA Solutions Architect Team Lead, Darren Anstee. "The attacks against a number of high profile U.S. financial services companies being a recent example."

"More stealthy, sophisticated application layer attacks can be difficult to deal with especially if they are only one part of a multi-vector attack. Arbor's WorldWide Infrastructure Report 2012 reveals multi-vector attacks have become more common with 46 per cent of respondents reporting these in 2012 - up from 32 per cent the previous year. Internet service availability is also key. Downtime can cause significant reputational and financial damage to organisations who are reliant on the Internet to sell products, offer services or access cloud based data and applications. Virtually all businesses are vulnerable in some way."


