Application-based DDoS attacks are on the rise, warns Gartner

DDoS attacks cost enterprises $3.5 million every year, says Ponemon

This year, one-quarter of distributed denial of service attacks (DDoS) will be application-based, predicted research firm Gartner.

During application-based attacks, hackers send out targeted commands to applications to overwhelm the central processing unit and memory and make the application unavailable, the research firm explained.

Financial services and e-commerce firms will be favorite targets of DDoS attackers in 2013, as they were in 2012, Gartner noted.

DDoS attacks cost enterprises $3.5 million every year, according to a study by the Ponemon Institute and security firm Radware. More than two-thirds of the 705 IT professionals surveyed by Ponemon said their firms had experienced on average three DDoS attacks per year, with an average downtime of 54 minutes per attack. Costs include lost traffic, diminished productivity and lost revenue.  

Two-thirds of respondents said the severity of DDoS attacks is on the rise, yet fewer than half said their firms are vigilant in monitoring and combating attacks.

High-bandwidth DDoS attacks that blast networks with 70 Gbps of noisy traffic through the Internet are on the rise, warned Avivah Litan, vice president and distinguished analyst at Gartner.

"2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe, and they will grow in sophistication and effectiveness in 2013. A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems," Litan cautioned.

"To combat this risk, enterprises need to revisit their network configurations, and rearchitect them to minimize the damage that can be done. Organizations that have a critical Web presence and cannot afford relatively lengthy disruptions in online service should employ a layered approach that combines multiple DOS defenses," she advised.

Not only do hackers use DDoS attacks to shut down websites, but they also use them to distract security staff so they can steal confidential information or money. Litan said enterprises should cooperate with industry associations to share intelligence on DDoS attacks.

For more:
- see Gartner's release
- check out the Ponemon-Radware study

Related articles:
Server-based botnets used in attacks against US banks
Infonetics: Mobile attacks fuel DDoS prevention appliance demand