Banks on the business end of DDoS attack surge - report
Shorter, bigger attack trend continues
Financial firms were in the crosshairs of cyber-attackers during the first three months of 2012, while a threefold increase in DDoS attacks was recorded.
DDoS mitigation biz Prolexic reports that the growth in the number of attacks against its clients in banking and insurance was accompanied by a 3,000 per cent increase in malicious packet traffic (up from 14 billion packets of malicious traffic in Q4 2011 to 1.1 trillion in Q1 2012).
The firm, which released its Quarterly Global DDoS Attack Report this week, said that the overall number of attacks from Q4 2011 to Q1 2012 was virtually unchanged but that there had been a 6 per cent rise in more sophisticated Layer 7 (application layer) attacks. Average attack duration declined from 34 hours in the back end of 2011 to 28.5 hours in Q1 2012, however, average attack bandwidth increased to 6.1 Gbps. This represents an increase from 5.2 Gbps in the previous quarter – continuing a trend towards shorter, fiercer attacks that has continued in successive quarters over the last 12 months.
The firm said UDP (User Datagram Protocol) floods had declined in popularity over recent months, with SYN floods emerging as the prime vector of DDoS attacks over recent months.
China remains the top source country for attacks, but the US and Russia have both moved up in Prolexic’s rankings.
The security tools firm said that it had mitigated more attack traffic this quarter than it had done during the whole of 2011.
"This quarter was characterised by extremely high volumes of malicious traffic directed at our financial services clients," said Neal Quinn, Prolexic’s vice president of operations. "We expect other verticals beyond financial services, gaming and gambling to be on the receiving end of these massive attack volumes as the year progresses."
Several different motivations have spawned the growth in DDoS attacks over recent years, including ideological and politically motivated "hacktivism" and financially motivated cybercrime. Less frequently, DDoS attackers are conducting cyberespionage or are performing hate crimes. Occasionally hackers carry out attacks just to test out new tools or for the simple devilment of causing disruption, according to Prolexic.
Data for the Q1 2012 report was gathered and analysed by members of the Prolexic Security Engineering & Response Team (PLXsert). The group monitors malicious cyber threats globally and analyses DDoS attacks. Using data forensics and post-attack analysis, PLXsert is able to build a global view of DDoS attacks, which the firm shares with its customers.
Prolexic's DDoS attack trends report can be downloaded here (registration required). ®