Expect more-sophisticated Bank DDoS attacks this year
What's the end of February without some scare tactics? Gartner warns that one-quarter of distributed denial of service attacks this year will be against applications. Really? That low? I'm surprised the number isn't higher. After all, as enterprises shore up the network perimeter, HTTP remains open wide enough to drive a freight train through and for that long duration.
The attacks seek to overtax CPUs, disrupt applications and, ultimately, distract IT and security personnel. While they look over there, the bad boys are work over here. Gartner sees DDoS attacks as part of a larger trend singling out financial institutions.
"A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems", Avivah Litan, Gartner vice president, says. He emphasizes there is a "new level of sophistication in organized attacks against enterprises" and that "they will grow in sophistication and effectiveness" this year.
These attacks increase in intensity -- blasting some financial institutions with up to 70 Gbps of "noisy network traffic", via ye old Internet pipes. 5 Gbps are more typical.
"To combat this risk, enterprises need to revisit their network configurations, and rearchitect them to minimize the damage that can be done", Litan says. "Organizations that have a critical Web presence and cannot afford relatively lengthy disruptions in online service should employ a layered approach that combines multiple DoS defenses".
I guess unplugging the Internet isn't the answer. How will we do online banking?