As attackers become increasingly agile and tools much more sophisticated, distributed denial of service (DDoS) attacks will become an even more serious issue this year, a new report said.
In 2013 DDoS attacks led to detrimental service outages and service degradation, which has a big impact on revenue, overall customer satisfaction and brand perception, according to the report by security provider Radware, which compiled its report using data from over 300 cases and an executive survey consisting of personal interviews with 15 high-ranking security executives.
In short, attackers have become faster in defeating newly deployed mitigation tools, the report said.
“Eighty-seven percent of our respondents encountered service level issues from these style of attacks,” said Avi Chesla, CTO at Radware. “The negative impact of a service outage is already understood, but even small instances of service degradation can have harmful, lasting effects on an organization’s brand image, customer satisfaction and ultimately its bottom line.”
Key findings from the report include:
Service degradation is enough to interrupt business. Sixty percent of survey respondents said they experienced service degradation due to attacks in 2013. While it might not seem as detrimental as a complete shutdown, studies show 57 percent of online consumers will abandon a site after waiting three seconds for a page to load and 80 percent of those people will not return.
Attackers (quickly) strike back. Attackers are increasingly adapting and defeating new defense protocols implemented by organizations through the use of new attack vectors. Using HTTP flood attacks and tools like “Kill’ em All,” attackers are dramatically shortening the mitigation cycle.
DoS/DDoS attacks leave a path of destruction. While powerful attacks occurred in 2011 and 2012, the overall intensity of the attacks and the percentage of such attacks with high risk have increased over the last several years. DDoS attacks increased in severity by 20 percent in 2013, according to Radware’s DoS/DDoS Risk Score assessment.
New attack vectors, one dangerous commonality. Survey results showed DNS attacks are now the second most frequent attack vector organizations are fighting, behind DoS/DDoS. These are appealing to attackers due to their ability to generate massive traffic with limited resources and multi-layer architecture that makes tracing the assailants nearly impossible. In addition to DNS attacks, other attack vectors also emerged as significant issues for organizations. Encrypted application-based attacks made up 50 percent of all web attacks. Web application login pages end up hit on a daily basis for 15 percent of organizations.
“Attacks in 2014 are not slowing down. In fact, organizations need to take action now to prepare their networks – particularly in the financial and government sectors,” added Chesla. “The results of this report are a call to action, and the best way to fight back against cyber attacks is to be prepared and engage the support of cyber security experts.”