Gartner: Application Layer DDoS Attacks to Increase in 2013

Gartner: Application Layer DDoS Attacks to Increase in 2013

In 2013, less will be more.

Volumetric, blunt-force attacks will remain the primary type of Distributed Denial Of Service Attack (DDoS) in the coming year, but there will be noticeable growth in the incidence of low-and-slow application layer DDoS attacks, according to new research by Gartner.

In a report titled, “Arming Financial and E-Commerce Services Against Top 2013 Cyberthreats,” Gartner forecasts that 25% of ALL DDoS attacks in 2013 will be application-based. These incidents, which send out targeted commands to applications to tax the central processing unit (CPU) and memory and make the application unavailable, are more sophisticated and subtle than typical flooding DDoS assaults, and often pass through network defenses unnoticed.

In late 2012 and continuing on into 2013, the financial sector has been dogged by a well-publicized barrage of DDoS attacks. Initially, the attacks were of the nuisance variety, preventing customers from logging on to online banking portals. Of late, Islamic hacktivists, such as the extremist group Izz ad-Din al-Qassam Cyber Fighters claimed to have initiated these attacks over a blasphemous YouTube video, they were seen as a vehicle for social and political protest.

In general, DDoS attacks have been and continue to be a popular tactic due to the relative simplicity, low cost to conduct, and the large number of potential targets. According to Gartner, in late 2012, attacks grew in size to upwards of 70 Gbps of noisy network traffic blasting at the banks through their Internet pipes. Until this recent spate of attacks, most network-level DDoS attacks consumed only five Gbps of bandwidth, but more recent levels made it impossible for bank customers and others using the same pipes to get to their websites.

As these attacks began to proliferate, they became cover for a more criminal element aiming to utilize these DDoS attacks for monetary gain. A recent heist in which attackers apparently pilfered $900,000 from San Francisco-based Bank of the West points to an emerging trend. In this scenario, a DDoS attack was used as a diversion as attackers ended up utilizing remotely accessible malware to siphon money from unwitting users' accounts.

Gartner's report, as well as recent alerts issued by federal regulators, echoes these warnings.

“A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems,” Avivah Litan, vice president and distinguished analyst at Gartner, said in a press release issued on the report.

This announcement comes at a pivotal time for the financial services industry and reinforces the findings of a recent study issued by the Ponemon Institute, and commissioned by Corero Network Security, that surveyed 650 IT professionals from 351 U.S. banks.

The report, titled “A Study of Retail Banks and DDoS Attacks,” found that while 78% of those surveyed believed that DDoS attacks will continue or significantly increase in 2013, only 30% planned to purchase any additional security infrastructure to combat these attacks. A worrisome sign that these attacks, with their increasing level of sophistication, will continue to expand.

Banks are not alone. In fact, Litan maintains that any entity that uses the Internet to conduct business is at heightened risk.

“Organizations that have a critical Web presence and cannot afford relatively lengthy disruptions in online service should employ a layered approach that combines multiple DOS defenses,” said Litan.

In addition to the application-layer findings, in the press release Gartner warns of these continued developments:

  • “High-bandwidth DDoS attacks are becoming the new norm and will continue wreaking havoc on unprepared enterprises in 2013.”
  • “Hackers use DDoS attacks to distract security staff so that they can steal sensitive information or money from accounts.”
  • “People continue to be the weakest link in the security chain, as criminal social engineering ploys reach new levels of deviousness in 2013.”

Litan added that “2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe. And they will grow in sophistication and effectiveness in 2013.”

A complete copy of the report can be found here.