Corporations bring a 'knife to a gun fight' amid cyberattacks
According to a new report, denial-of-service attacks rose by a staggering 170 percent last year, and corporations need to learn how to better defend themselves.
Corporations are increasingly under fire from the rapidly rising threat of distributed denial-of-service (DDoS) attacks, according to new research from security firm Radware.
The study notes that DDoS attacks on corporations rose 170 percent in 2012 over the previous year.
After analyzing data from a number of security breaches and responses from 179 participating firms, Radware said that many corporations can be compared to "someone who brings a knife to a gun fight." In other words, businesses are attempting to protect themselves from cyberattacks but often fail because they are unprepared.
A number of trends point toward a critical blind spot: few businesses have the resources or protection in place to withstand long-term, drawn-out cyberattacks, which is a key element that many hackers exploit.
Avi Chesla, chief technology officer at Radware, said the security firm has studied hundreds of DoS/DDoS attacks and found that "attacks lasting more than one week have doubled in frequency during 2012."
One of the top cyberattack trends documented in 2012 is the use of compromised servers to launch botnets in denial-of-service attacks. Being able to use different servers in various locations has lifted many limitations of the single-server campaign, and a huge amount of traffic can be directed to a site to overload and close it quickly. In addition, the use of multiple servers available 24/7 not only facilities the use of command-and-control centers but improves the reliability of such attacks. The security firm expects this method to grow in popularity over the next year.
In terms of damage, complexity and force, Radware said, 58 percent of server-based botnet DoS attacks in 2012 scored 7 out of 10 points for complexity, compared with 23 percent in 2011. Seventy percent achieved a complexity rating of 3 or higher, whereas 30 percent were given that score in 2011.
In addition, financial services and e-commerce sites that rely on HTTPS are a concern due to encrypted layer attacks. Hackers now often use encrypted layers to launch application-level and SSL attacks that can remain undetected until it's too late to rectify the problem.
Finally, Radware said, the spawning of "do it yourself" sites that assist anyone with minimal coding and hacking skills to take on a corporation is reaching the commodity level. These hacking-for-hire and free kits can result in someone paying little more than $10 for a ransomware attacking tool, which in turn means that hacking is no longer just for pros.
The security firm suggests that instead of administering a "pre and post" defensive stance in relation to cyberattacks, an "on demand" force should be employed to tackle the threat head-on once it appears. That is a better option than enduring long DoS/DDoS attacks that can cost a business both revenue and reputation. According to Radware, large corporations should have no fewer than nine security engineers available to defend systems and should invest in a dynamic "security war room" to keep threats at bay.