Feeds

Banks on the business end of DDoS attack surge - report

Shorter, bigger attack trend continues

SANS - Survey on application security programs

Financial firms were in the crosshairs of cyber-attackers during the first three months of 2012, while a threefold increase in DDoS attacks was recorded.

DDoS mitigation biz Prolexic reports that the growth in the number of attacks against its clients in banking and insurance was accompanied by a 3,000 per cent increase in malicious packet traffic (up from 14 billion packets of malicious traffic in Q4 2011 to 1.1 trillion in Q1 2012).

The firm, which released its Quarterly Global DDoS Attack Report this week, said that the overall number of attacks from Q4 2011 to Q1 2012 was virtually unchanged but that there had been a 6 per cent rise in more sophisticated Layer 7 (application layer) attacks. Average attack duration declined from 34 hours in the back end of 2011 to 28.5 hours in Q1 2012, however, average attack bandwidth increased to 6.1 Gbps. This represents an increase from 5.2 Gbps in the previous quarter – continuing a trend towards shorter, fiercer attacks that has continued in successive quarters over the last 12 months.

The firm said UDP (User Datagram Protocol) floods had declined in popularity over recent months, with SYN floods emerging as the prime vector of DDoS attacks over recent months.

China remains the top source country for attacks, but the US and Russia have both moved up in Prolexic’s rankings.

The security tools firm said that it had mitigated more attack traffic this quarter than it had done during the whole of 2011.

"This quarter was characterised by extremely high volumes of malicious traffic directed at our financial services clients," said Neal Quinn, Prolexic’s vice president of operations. "We expect other verticals beyond financial services, gaming and gambling to be on the receiving end of these massive attack volumes as the year progresses."

Several different motivations have spawned the growth in DDoS attacks over recent years, including ideological and politically motivated "hacktivism" and financially motivated cybercrime. Less frequently, DDoS attackers are conducting cyberespionage or are performing hate crimes. Occasionally hackers carry out attacks just to test out new tools or for the simple devilment of causing disruption, according to Prolexic.

Data for the Q1 2012 report was gathered and analysed by members of the Prolexic Security Engineering & Response Team (PLXsert). The group monitors malicious cyber threats globally and analyses DDoS attacks. Using data forensics and post-attack analysis, PLXsert is able to build a global view of DDoS attacks, which the firm shares with its customers.

Prolexic's DDoS attack trends report can be downloaded here (registration required). ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.