DDoS attacks become smarter, faster and more severe
DDoS attacks will continue to be a serious issue in 2014 – as attackers become more agile and their tools become more sophisticated, according to Radware. Their report was compiled using data from over 300 cases and the Executive Survey consisting of personal interviews with 15 high-ranking security executives.
In 2013, increasingly widespread DDoS attacks led to detrimental service outages and service degradation, critically impacting revenue, overall customer satisfaction and brand perception. Attackers have become faster in defeating newly deployed mitigation tools.
Avi Chesla, CTO at Radware, said: “Eighty-seven percent of our respondents encountered service level issues from this style of attack. The negative impact of a service outage is already understood, but even small instances of service degradation can have harmful, lasting effects on an organization’s brand image, customer satisfaction and ultimately its bottom line.”
Key findings from the report include:
Service degradation is enough to interrupt business. Sixty percent of survey respondents stated they experienced service degradation due to attacks in 2013. While it might not seem as detrimental as a complete shutdown, studies show that 57 percent of online consumers will abandon a site after waiting three seconds for a page to load and 80 percent of those people will not return. For service-based organizations, this can result in immediate revenue loss.
Attackers (quickly) strike back. Attackers are increasingly adapting to and defeating new defense protocols implemented by organizations through the use of new attack vectors. Using HTTP flood attacks and tools like “Kill ’em All,” attackers are dramatically shortening the mitigation cycle – sometimes to a matter of hours after resources have been deployed.
DoS/DDoS attacks leave a path of destruction. While powerful attacks occurred in 2011 and 2012, the overall intensity of the attacks and the percentage of such attacks with high risk have increased over the last several years. DDoS attacks increased in severity by 20 percent in 2013, according to Radware’s DoS/DDoS Risk Score assessment.
The industry “Hit List” expands. The financial services industry joins government organizations as the sectors with the highest risk of attacks. Risk for financial services increased due to hacktivist groups performing DDoS attacks – like the continuation of Operation Ababil and those on several Bitcoin exchanges – not only for destructive purposes, but also to simultaneously mask other intrusions leading to fraudulent activities. Risks of attacks to web hosting companies and Internet Service Providers also increased in 2013.
New attack vectors, one dangerous commonality. Survey results showed that DNS attacks are now the second most frequent attack vector organizations are fighting, behind DoS/DDoS. DNS attacks appeal to attackers because they can generate massive traffic with limited resources and because of a multi-layer architecture that makes tracing the assailants nearly impossible. In addition to DNS attacks, other attack vectors also emerged as significant issues for organizations. Encrypted application-based attacks made up 50 percent of all web attacks. Web application login pages were hit on a daily basis for 15 percent of organizations.
“Attacks in 2014 are not slowing down. In fact, organizations need to take action now to prepare their networks – particularly in the financial and government sectors,” added Chesla. “The results of this report are a call to action, and the best way to fight back against cyber attacks is to be prepared and engage the support of cyber security experts.”
Radware’s ERT recommends the following steps to anticipate and mitigate attacks:
- Speed up mitigation time. Organizations need to ensure that they can detect attacks and deploy mitigation solutions in the shortest time possible.
- Prepare blanket coverage. With multi-vector DoS/DDoS attacks becoming more prevalent, organizations need to invest in wider attack coverage that can detect and protect against attacks of any type and size.
- Establish a single point of contact. Having either an internal security team staffed with DoS/DDoS experts or an external emergency response team who can help choose the correct mitigation options is crucial for organizations in case of an attack.