Gartner: One Quarter of DDOS Attacks Launched This Year Will Be Application-Based

A new study on the impact of cyberthreats on e-commerce and financial services

  Gartner releases new study
Application-based distributed denial-of-service (DDOS) attacks – ones in which attackers send out commands to applications in an effort to make them unavailable by overloading the CPU and memory – will account for 25% of the attacks that will be launched in 2013.

Application-based distributed denial-of-service (DDOS) attacks – ones in which attackers send out commands to applications in an effort to make them unavailable by overloading the CPU and memory – will account for 25% of the attacks that will be launched in 2013.

Gartner has issued a new report, “Arming Financial and E-Commerce Services Against Top 2013 Cyberthreats,” which details the criminal trends for 2013, and solutions for preventing them.

“2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe, and they will grow in sophistication and effectiveness in 2013,” said Avivah Litan, VP and distinguished analyst at Gartner.

“A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems.”

The company says that high-bandwidth DDOS attacks, such as the ones recently launched against US financial institutions, will most likely become more common in the upcoming period.

In order to combat the risks posed by such attacks, organizations are advised to reconfigure their networks so that the damage is minimized as much as possible.

“Organizations that have a critical Web presence and cannot afford relatively lengthy disruptions in online service should employ a layered approach that combines multiple DOS defenses,” Litan added.

Gartner warns that hackers often rely on DDOS attacks to distract the attention of security staff while they steal sensitive information and even money from the targeted company.

In this case, enterprises should take steps to mitigate the effects of an attack by cooperating with industry associations in sharing useful intelligence.

Finally, the company reveals that social engineering continues to be a serious issue. This year, criminals are said to have reached “new levels of deviousness.”

Comments