News

World
Politics
Business
Science
Sport
Archive

Latest In

News

Finance

Investing
Banking
Freelancing
Real Estate
Personal Finance & Wealth
Fintech

Latest In

Finance

Celebrities

Hollywood Spotlight
Music Artists
Next Gen
Celebrity Couples
Royals
Global Icons

Latest In

Celebrities

Entertainment

Movies & TV Shows
Reviews
Technology
Gambling
Fashion
Trending

Latest In

Entertainment

Crypto

Bitcoin
Altcoins
NFT
Mining & Security
Strategies & Analysis
Blockchain

Latest In

Crypto

Travel

Latest In

Travel

Health

Nutrition
Medical Conditions
Beauty
Reiki
Wellness Tips
Drugs & Supplements

Latest In

Health

Others

Society
Culture
Numerology

Latest In

Others

Things You Should Know about Worsening DDoS Attacks

2013 was a “dynamic” year for distributed denial of service attacks, and 2014 likely will see the phenomenon intensifying, says Prolexic Technologies.

Author:Paolo Reyna
Reviewer:James PierceMar 01, 2021136K Shares2.5M Views
2013 was a “dynamic” year for distributed denial of service attacks, and 2014 likely will see the phenomenon intensifying, says Prolexic Technologies, which provides DDoS mitigation services.
A DDoS attack occurs when a malicious entity—an individual, organized criminal, or nation-state—deliberately floods a given victim’s computer system with much more data input than the system can handle. This can cause the system to crash, requiring emergency attention to deflect the attack and restore service. Often, such attacks are used as a means to hide attention from a secondary intrusion meant to collect personally identifying information of customers, insert other malware, or otherwise cause harm to the victim.
Some of the trends for 2013 that Prolexic chronicled include:
  • DDoS attack volume increased month-to-month in 2013, with 10 out of 12 months showing higher attack volume compared to 2012.
  • Smaller, stealthy, and more sophisticated application layer attacks increased by approximately 42%.
  • High bandwidth, volumetric infrastructure layer attacks increased by approximately 30%.
  • Average DDoS attack sizes continued to increase, with Prolexic mitigating numerous attacks over 100 Gbps, the largest peaking at 179 Gbps.
  • Mobile devices and apps began participating in DDoS campaigns.
“It is critical in 2014 that enterprise defences continue to keep pace with the changing DDoS threat,” says Stuart Scholly, president, Prolexic. “In addition to increased vigilance and knowledge, enterprises should also validate services from any mitigation providers they have retained to ensure the latest threats can be blocked quickly and effectively.”

Murray Walton Says

Murray Walton, chief risk officer, Fiserv echoes this: “The first question you need to ask your provider is, are you prepared? Have you thought about this and defined this as a foreseeable risk? Do you have detailed plans for dealing with this, in terms of the incident itself, business continuity, disaster recovery, and customer communications?”
He was speaking during the recent ABA webcast/briefing “Distributed Denial of Service Attacks: Managing and Mitigating the Threat.” This is the first of five cybersecurity briefings ABA will offer.
Through its experience of offering DDoS mitigation services to more than 6,000 financial institutions, Walton says Fiserv deals with one or two attacks per week, and that their frequency, duration, intensity, and complexity all are increasing. They generally come in two categories: volumetric attacks and application-layer attacks.

Attacks

Volumetric attacks are most common and are the ones that flood a target address with massive data traffic. This typically overwhelms or exhausts firewalls, load balancers, and other infrastructure. Walton says these constitute about 80% of all attacks.
Application layer attacks are more sophisticated, crafted to look like legitimate traffic but seek out discrete application packets, such as those used for the site’s branch locator function, statement retrieval function, or search function, among others. While constituting about 20% of attacks now, Walton assumes that application-layer attacks may become more prevalent as defences against volumetric attacks improve.
Looking ahead, Walton recommends these steps:
  • Create a DDoS playbook, planning your overall response in advance.
  • Incorporate DDoS scenarios in your business continuity plans.
  • Use your vendor management process to ask your technology service provider how they address DDoS, and who does what in the event of an attack, and whether their solution architecture puts you in a “glancing blow” or a “direct hit” position if a DDoS attack occurs.
Regarding technology investment, Walton recommends investigating options for:
  • DDoS detection and blocking services from your data carriers.
  • On-premises devices for customized deflection.
  • Web application firewalls for environments susceptible to application-layer attacks.
“Plan ahead. This is a foreseeable threat and it can happen to you,” Walton says.
Jump to

Murray Walton Says

Attacks

Paolo Reyna

Paolo Reyna

Author
James Pierce

James Pierce

Reviewer
Latest Articles
Popular Articles