Cyberattacks Added Frequency, Firepower in 2012: Report

Cyberattackers are boosting the frequency and firepower of their assaults as well as shifting tactics to avoid detection.

Attacks designed to slow companies' websites rose 19% in the fourth quarter of 2012, compared with a year earlier, Prolexic, a digital security firm, said in a report published Thursday.

So-called denial of service attacks consumed roughly 13.5% more processing power than they did in the fourth quarter of 2012, as attackers used a toolkit called itsoknoproblembro to create malicious software that commandeers armies of servers to flood companies' websites with a digital tsunami.

"2012 demonstrated a remarkable evolution within the world of DDoS activity," Prolexic staff wrote, referring to distributed denial of service attacks. "Over the 12-month period, large attacks targeted the financial services, e-commerce, [software as a service], and energy sectors as well as government organizations and even specific [internet service providers]."

The report added that "the paradigm shifted with the emergence of the itsoknoproblembro" malware, which "allowed for effective and automated reconnaissance, exploitation, infection and attack management."

The findings come amid a series of cyberattacks since last fall that have swamped websites and inconvenienced customers of the nation's biggest banks. On Tuesday, BB&T weathered the third assault on its website since September.

Some big banks reportedly have turned to U.S. intelligence officials for information about the attacks and advice on how to protect computer systems.

The report finds that attackers refined itsoknoproblembro throughout 2012 as they sought to boost the malware's effectiveness and to avoid detection.

According to Prolexic, most attacks that used itsoknoproblembro in the fourth quarter are believed to have originated in China as a result of the number of vulnerable servers and workstations located in the country. A majority of the remaining traffic is thought to have come from machines in Eastern Europe and throughout the rest of Asia.

Though website owners can defend against the attacks by either filtering traffic to their sites or disabling the attacking software, the latest forms of malware can themselves become servers. "This means that for practical reasons the individual bots themselves must ultimately be identified and removed," Prolexic wrote.
