Feeds

Report: DDoS attacks now MORE ANGRY, complex and targeted

Less like the Hulk, more like Iron Man

Combat fraud and increase customer satisfaction

The days when attackers relied on sheer bandwidth volume alone to knock out websites are over, with miscreants increasingly using application-layer and multi-vector attacks.

The latest annual study from DDoS attack protection company Arbor Networks reports that 46 per cent of respondents said they had experienced multi-layer attacks in the year up to the end of September 2012, markedly up from the 27 per cent recorded in the year before. The largest attack reported was 60 Gbps, the same figure as 2011.

In 2010, the peak attack hit a bumper 100 Gbps.

Instead of concentrating on upping the noise, the bad guys have switched tactics towards application-layer (targeting web services, mostly) and multi-vector attacks rather than less sophisticated packet flood attacks, Arbor said.

Data centres and cloud services are increasingly getting hit by DDoS attacks, which have traditionally been slung solely against websites. Arbor reports that "distributed denial of service (DDoS) attacks have plateaued in size but become more complex" adding that "data centre and cloud services are especially attractive targets". The vast majority (94 per cent) of data centre operators polled by Arbor Networks reported they had been hot by attacks during the study period.

DDoS attacks are used by a variety of players from hacktivists to cybercriminals using packet floods as a means of extortion to business rivals of targeted companies. Arbor reports that e-commerce and online gaming sites are among the most common targets of attack.

Arbor's study, generally regarded as one of the best of its type, is based on survey data provided by network operators from around the world that use its technology to fend off DDoS attacks.

The study also found that DNS (Domain Name Server) infrastructure remains vulnerable. More than a quarter (27 per cent) of respondents experienced customer-impacting DDoS attacks on their DNS infrastructure—a significant increase over the 12 per cent of respondents from previous year’s survey.

Arbor Network's eight annual Worldwide Infrastructure Security Report report can be found here. ®

Combat fraud and increase customer satisfaction

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.