One quarter of the distributed denial of service (DDoS) attacks that occur this year will be application-based, according to a new report.
During these attacks, the bad guys send out targeted commands to applications to tax the CPU and memory and make the application unavailable, according to Gartner.
“2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe, and they will grow in sophistication and effectiveness in 2013,” said Avivah Litan, vice president and distinguished analyst at Gartner. “A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems.”
Gartner has identified some of the top 2013 criminal trends and potential safeguards and solutions for firms at risk of attack.
A new class of damaging DDoS attacks launched against U.S. banks in the second half of 2012, sometimes adding up to 70 Gbps of noisy network traffic blasting at the banks through the Internet. Until those types of attacks, most network-level DDoS onslaughts consumed only five Gbps of bandwidth, but more recent levels made it impossible for bank customers and others using the same pipes to get to their websites.
“To combat this risk, enterprises need to revisit their network configurations, and rearchitect them to minimize the damage that can be done,” Litan said. “Organizations that have a critical Web presence and cannot afford relatively lengthy disruptions in online service should employ a layered approach that combines multiple DOS defenses.”
Enterprises subject to DDoS attacks should take steps to mitigate potential damage from these attacks. In particular, Gartner advocates cooperation with industry associations to share intelligence so they can act collectively and quickly. In addition, there should be enterprise investments in fraud prevention technology and the strengthening of organizational processes.