Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, recently released its 2013 Global Application and Network Security Report. The annual report indicates that distributed denial of service (DDoS) attacks will continue to be a serious issue in 2014 – as attackers become more agile and their tools become more sophisticated. In 2013, increasingly widespread DDoS attacks have led to detrimental service outages and service degradation, critically impacting revenue, overall customer satisfaction and brand perception. The report also reveals that attackers have become faster in defeating newly deployed mitigation tools.
Radware’s Emergency Response Team (ERT), which actively monitors and mitigates attacks in real-time, developed the report – delivering an important analysis of DoS/DDoS attacks from both an enterprise and technical perspective, and provides best practices to inform and help organizations combat network assaults. The 2013 report was compiled using data from over 300 cases handled by Radware’s ERT in 2013, a vendor-neutral security industry survey conducted by the ERT, and the newly added executive survey consisting of personal interviews with 15 high-ranking security executives.
“Our report indicates that DoS/DDoS attacks have increasingly become the tool of choice for cyber-hackivists groups and will continue to wreak havoc on organizations,” says Avi Chesla, chief technology officer at Radware. “Eighty-seven percent of our respondents encountered service-level issues from these style of attacks. The negative impact of a service outage is already understood, but even small instances of service degradation can have harmful, lasting effects on an organization’s brand image, customer satisfaction and ultimately its bottom line.”
Click through for findings from a security report released from Radware focusing on DoS/DDoS attacks and the increasing threat they pose for 2014.
Service degradation is enough to interrupt business. Sixty percent of survey respondents stated they experienced service degradation due to attacks in 2013. While it might not seem as detrimental as a complete shutdown, studies show that 57 percent of online consumers will abandon a site after waiting three seconds for a page to load and 80 percent of those people will not return. For service-based organizations, this can result in immediate revenue loss.
Attackers (quickly) strike back. Attackers are increasingly adapting and defeating new defense protocols implemented by organizations through the use of new attack vectors. Using HTTP flood attacks and tools like “Kill’ em All,” attackers are dramatically shortening the mitigation cycle – sometimes to a matter of hours after resources have been deployed.
DoS/DDoS attacks leave a path of destruction. While powerful attacks occurred in 2011 and 2012, the overall intensity of the attacks and the percentage of such attacks with high risk have increased over the last several years. DDoS attacks increased in severity by 20 percent in 2013, according to Radware’s DoS/DDoS risk score assessment.
The industry ‘Hit List’ expands. The financial services industry joins government organizations as the sectors with the highest risk of attacks. Risk for financial services increased due to hacktivist groups performing DDoS attacks – like the continuation of Operation Ababil and those on several BitCoin exchanges – not only for destructive purposes, but also to simultaneously mask other intrusions leading to fraudulent activities. Risks of attacks to Web hosting companies and Internet service providers also increased in 2013.
New attack vectors, one dangerous commonality. Survey results showed that DNS attacks are now the second most frequent attack vector organizations are fighting, behind DoS/DDoS. These are appealing to attackers due to their ability to generate massive traffic with limited resources and multi-layer architecture that makes tracing the assailants nearly impossible. In addition to DNS attacks, other attack vectors also emerged as significant issues for organizations. Encrypted application-based attacks made up 50 percent of all Web attacks. Web application login pages were hit on a daily basis for 15 percent of organizations.
Recommendations
“Attacks in 2014 are not slowing down. In fact, organizations need to take action now to prepare their networks – particularly in the financial and government sectors,” added Chesla. “The results of this report are a call to action, and the best way to fight back against cyber attacks is to be prepared and engage the support of cyber security experts.”
Radware’s ERT recommends the following steps to anticipate and mitigate attacks:
- Speed up mitigation time. Organizations need to ensure that they can detect attacks and deploy mitigation solutions in the shortest time possible.
- Prepare blanket coverage. With multi-vector DoS/DDoS attacks becoming more prevalent, organizations need to invest in wider attack coverage that can detect and protect against attacks of any type and size.
- Establish a single point of contact. Having either an internal security team employed with DoS/DDoS experts or an external emergency response team who can help choose the correct mitigation options is crucial for organizations in case of an attack.