Feeds

Banks on the business end of DDoS attack surge - report

Shorter, bigger attack trend continues

The essential guide to IT transformation

Financial firms were in the crosshairs of cyber-attackers during the first three months of 2012, while a threefold increase in DDoS attacks was recorded.

DDoS mitigation biz Prolexic reports that the growth in the number of attacks against its clients in banking and insurance was accompanied by a 3,000 per cent increase in malicious packet traffic (up from 14 billion packets of malicious traffic in Q4 2011 to 1.1 trillion in Q1 2012).

The firm, which released its Quarterly Global DDoS Attack Report this week, said that the overall number of attacks from Q4 2011 to Q1 2012 was virtually unchanged but that there had been a 6 per cent rise in more sophisticated Layer 7 (application layer) attacks. Average attack duration declined from 34 hours in the back end of 2011 to 28.5 hours in Q1 2012, however, average attack bandwidth increased to 6.1 Gbps. This represents an increase from 5.2 Gbps in the previous quarter – continuing a trend towards shorter, fiercer attacks that has continued in successive quarters over the last 12 months.

The firm said UDP (User Datagram Protocol) floods had declined in popularity over recent months, with SYN floods emerging as the prime vector of DDoS attacks over recent months.

China remains the top source country for attacks, but the US and Russia have both moved up in Prolexic’s rankings.

The security tools firm said that it had mitigated more attack traffic this quarter than it had done during the whole of 2011.

"This quarter was characterised by extremely high volumes of malicious traffic directed at our financial services clients," said Neal Quinn, Prolexic’s vice president of operations. "We expect other verticals beyond financial services, gaming and gambling to be on the receiving end of these massive attack volumes as the year progresses."

Several different motivations have spawned the growth in DDoS attacks over recent years, including ideological and politically motivated "hacktivism" and financially motivated cybercrime. Less frequently, DDoS attackers are conducting cyberespionage or are performing hate crimes. Occasionally hackers carry out attacks just to test out new tools or for the simple devilment of causing disruption, according to Prolexic.

Data for the Q1 2012 report was gathered and analysed by members of the Prolexic Security Engineering & Response Team (PLXsert). The group monitors malicious cyber threats globally and analyses DDoS attacks. Using data forensics and post-attack analysis, PLXsert is able to build a global view of DDoS attacks, which the firm shares with its customers.

Prolexic's DDoS attack trends report can be downloaded here (registration required). ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?