Cyberattackers Ratcheting Up Intensity of Assaults: Report
DDoS mitigation services provider Prolexic provides numbers around the cyberattacks banks experienced in the fourth quarter of 2012.
The New York Times reported that the long-time rumors that Iran is behind a swath of distributed denial of service attacks on banks are true.
Banks are turning to the National Security Agency for help mitigating DDoS attacks.
Cyberattackers are ratcheting up the frequency and intensity of their assaults.
Distributed denial-of-service attacks, which aim to slow companies' websites by flooding them with a torrent of data, increased 170% in 2012, according to a report published recently by Radware, a digital security firm.
The number of denial-of-service attacks that lasted more than a week doubled in 2012, from a year earlier, the report finds. Nearly one-third of the attacks in 2012 revealed the highest level of threat, as measured by duration, number of vectors and complexity, compared with 7% of attacks that displayed such characteristics in 2011.
"In 2012, we saw a new cyber security threat — a consistent and steady increase in advanced and persistent [denial of service] campaigns," Radware's security researchers wrote in their Global Application & Network Security Report. "Nowadays it's common to see attacks with four, five or even ten attack vectors, lasting three days, a week or even a month."
The report comes amid a series of cyberattacks that have slowed service and inconvenienced customers at some of the nation's biggest banks. In some cases attackers have exploited protocols and harnessed cloud computing facilities to boost the firepower they can direct at financial institutions.
More than half of companies surveyed by Radware think they may be the target of an advance and persistent cyber assault, although 81% say they feel unprepared to handle such an attack.
According to Radware, companies tend to prepare for cyberattacks and to analyze them afterward, without investing in the capability to defend themselves during attacks themselves. "Organizations have one critical blind spot," the Radware researchers wrote. "They don't have capabilities or resources to apply during the attack phase, and can't sustain a long, complicated attack campaign."
Companies focus 79% of their efforts on the pre-attack and post-attack phase, while 21% of their efforts focus on running "real time management systems or putting together a security team to respond and dynamically implement attack mitigation," according to the researchers, who say attackers exploit the mismatch of effort to their advantage.
Radware urges companies to stand ready with a team of experts who can respond in real time to an attack and launch counter measures to stop an assault in progress.
The report's findings draw on information from 274 companies worldwide that Radware derives from a 29-question survey and the firm's own experience responding to 95 medium- to high-severity attacks.