Feeds

Banks on the business end of DDoS attack surge - report

Shorter, bigger attack trend continues

Top 5 reasons to deploy VMware with Tegile

Financial firms were in the crosshairs of cyber-attackers during the first three months of 2012, while a threefold increase in DDoS attacks was recorded.

DDoS mitigation biz Prolexic reports that the growth in the number of attacks against its clients in banking and insurance was accompanied by a 3,000 per cent increase in malicious packet traffic (up from 14 billion packets of malicious traffic in Q4 2011 to 1.1 trillion in Q1 2012).

The firm, which released its Quarterly Global DDoS Attack Report this week, said that the overall number of attacks from Q4 2011 to Q1 2012 was virtually unchanged but that there had been a 6 per cent rise in more sophisticated Layer 7 (application layer) attacks. Average attack duration declined from 34 hours in the back end of 2011 to 28.5 hours in Q1 2012, however, average attack bandwidth increased to 6.1 Gbps. This represents an increase from 5.2 Gbps in the previous quarter – continuing a trend towards shorter, fiercer attacks that has continued in successive quarters over the last 12 months.

The firm said UDP (User Datagram Protocol) floods had declined in popularity over recent months, with SYN floods emerging as the prime vector of DDoS attacks over recent months.

China remains the top source country for attacks, but the US and Russia have both moved up in Prolexic’s rankings.

The security tools firm said that it had mitigated more attack traffic this quarter than it had done during the whole of 2011.

"This quarter was characterised by extremely high volumes of malicious traffic directed at our financial services clients," said Neal Quinn, Prolexic’s vice president of operations. "We expect other verticals beyond financial services, gaming and gambling to be on the receiving end of these massive attack volumes as the year progresses."

Several different motivations have spawned the growth in DDoS attacks over recent years, including ideological and politically motivated "hacktivism" and financially motivated cybercrime. Less frequently, DDoS attackers are conducting cyberespionage or are performing hate crimes. Occasionally hackers carry out attacks just to test out new tools or for the simple devilment of causing disruption, according to Prolexic.

Data for the Q1 2012 report was gathered and analysed by members of the Prolexic Security Engineering & Response Team (PLXsert). The group monitors malicious cyber threats globally and analyses DDoS attacks. Using data forensics and post-attack analysis, PLXsert is able to build a global view of DDoS attacks, which the firm shares with its customers.

Prolexic's DDoS attack trends report can be downloaded here (registration required). ®

Internet Security Threat Report 2014

More from The Register

next story
'Kim Kardashian snaps naked selfies with a BLACKBERRY'. *Twitterati gasps*
More alleged private, nude celeb pics appear online
Home Depot ignored staff warnings of security fail laundry list
'Just use cash', former security staffer warns friends
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Freenode IRC users told to change passwords after securo-breach
Miscreants probably got in, you guys know the drill by now
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
BitTorrent's peer-to-peer chat app Bleep goes live as public alpha
A good day for privacy as invisble.im also reveals its approach to untraceable chats
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.