View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Data Centre
February 21, 2013

Gartner says 25% of DDoS attacks will be application based

A report by Gartner predicts that the number of sophisticated attacks on e-commerce and financial industries will increase in 2013.

By Tineka Smith

According to Gartner, during these incidents attackers will send out targeted commands to the memory of applications to make them unavailable.

"2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe and they will grow in sophistication and effectiveness in 2013," said Avivah Litan, vice president and analyst at Gartner.

The report reveals that a sophisticated class of DDoS attacks were deployed against US banks in 2012 which made it impossible for bank customers and others to get to websites.

"A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organised criminal activity takes advantage of weakness in people, processes and systems."

Gartner predicts that high-bandwidth DDoS attacks will become the new norm and target unprepared enterprises in 2013.

The firm says that enterprises need to bolster their network configurations.

"To combat this risk, enterprises need to revisit their network configurations, and re-architect them to minimize the damage that can be done," said Litan. "Organizations that have a critical Web presence and cannot afford relatively lengthy disruptions in online service should employ a layered approach that combines multiple DOS defences."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Cyber criminals have taken attacks to a whole new level with several fraud scams involved criminals approaching people in person as law enforcement or bank employees to help them through ‘account migration.’ Victims who fell for the scams then had their bank accounts compromised.

Gartner suggests that bolstering fraud prevention and identity-proofing security will stop help social engineering attacks from growing. Prevention systems that that provide user or account behavioural profiling will also be useful.

Businesses should also educate their customers are best security practices to help them avoid phishing attacks and social engineering ploys.

"Enterprises are just beginning to open their eyes to the threats posed by DDoS attacks, as hackers take advantage of shortfalls in security wherever they find them," said Arbor’s EMEA Solutions Architect Team Lead, Darren Anstee. "The attacks against a number of high profile U.S. financial services companies being a recent example. "

"More stealthy, sophisticated application layer attacks can be difficult to deal with especially if they are only one part of a multi-vector attack. Arbor’s WorldWide Infrastructure Report 2012 reveals multi-vector attacks have become more common with 46 per cent of respondents reporting these in 2012 – up from 32 per cent the previous year. Internet service availability is also key. Downtime can cause significant reputational and financial damage to organisations who are reliant on the Internet to sell products, offer services or access cloud based data and applications. Virtually all businesses are vulnerable in some way."


Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.