Application-Based DDoS Attacks to Rise in 2013: Gartner
A new class of damaging DDoS attacks was launched against U.S. banks in the second half of 2012, the report said.A quarter of distributed denial of service (DDoS) attacks--when multiple systems flood the bandwidth or resources of a targeted system--that occur in 2013 will be application-based, according to a report from IT research firm Gartner. The report noted a new class of damaging DDoS attacks was launched against U.S. banks in the second half of 2012, sometimes adding up to 70G bps of noisy network traffic blasting at the banks through their Internet pipes. Until this recent spate of attacks, most network-level DDoS attacks consumed only 5G bps of bandwidth, but more recent levels made it impossible for bank customers and others using the same pipes to get to their Websites. Last year, several different fraud scams that took social engineering tactics to new heights of deviousness were reported, such as criminals approaching people in person as law enforcement or bank officers to help them through account migration that then comprised their bank accounts. "2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe, and they will grow in sophistication and effectiveness in 2013," Gartner vice president and distinguished analyst Avivah Litan said in a statement. "A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems."
During a DDoS attack, assailants send out targeted commands to applications to tax the central processing unit (CPU) and memory and make the application unavailable. Gartner said high-bandwidth DDoS attacks are becoming the new norm and will continue wreaking havoc on unprepared enterprises in 2013, though the company also identified potential safeguards and solutions for firms at risk of attack.