Gartner states that 25 percent of the distributed denial of service (DDoS) attacks occurring in 2013 will be application-based incidents aimed at e-commerce and financial services companies. During DDoS attacks, targeted commands are sent to applications to tax the central processing unit (CPU) and memory and make the application unavailable.
Avivah Litan, Gartner vice president and analyst, said, “2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe, and they will grow in sophistication and effectiveness in 2013. [And] a new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems.”
Gartner has identified some of the top 2013 criminal trends and potential safeguards and solutions for firms at risk of attack. Here are a few of the trends:
- High-bandwidth DDoS attacks are becoming the new norm and will continue wreaking havoc on unprepared enterprises in 2013.
- A new class of damaging DDoS attacks was launched against U.S. banks in the second half of 2012, sometimes adding up to 70 Gbps of noisy network traffic blasting at the banks through their Internet pipes.
- Until this recent spate of attacks, most network-level DDoS attacks consumed only five Gbps of bandwidth, but more recent levels made it impossible for bank customers and others using the same pipes to get to their websites.
- Hackers use DDoS attacks to distract security staff so that they can steal sensitive information or money from accounts.
- People continue to be the weakest link in the security chain, as criminal social engineering ploys reach new levels of deviousness in 2013.
- In 2012, several different fraud scams that took social engineering tactics to new heights of deviousness have been reported, including criminals approaching people in person as law enforcement or bank officers to help them through account migration that then comprised their bank accounts.
“To combat this risk, enterprises need to revisit their network configurations, and re-architect them to minimize the damage that can be done,” said Litan. “Organizations that have a critical Web presence and cannot afford relatively lengthy disruptions in online service should employ a layered approach that combines multiple DOS defenses.”
Organizations should work in cooperation with industry associations to share intelligence that can be acted on collectively and quickly. Enterprises should also invest in fraud prevention technology and the strengthening of organizational processes.
Additionally, Gartner recommends deploying layered fraud prevention and identity-proofing techniques to help stop the social engineering attacks from succeeding. Specifically, enterprises should use fraud prevention systems that provide user or account behavioral profiling and entity link analysis, as well as call center call analytics and fraud prevention software to help catch fraudsters committing crimes via social engineering or by using stolen identities.
Finally, Gartner recommends that customers should also be educated on best security practices to help them avoid phishing attacks and social engineering ploys.
(For additional information contact: Gartner, 203-964-0096, www.gartner.com.)