Third quarter distributed denial of service activity increased by 53% compared to Q2, according to Verisign. The Reston, Va., cybersecurity firm also reported its Q3 2015 DDoS Trends Report numbers were the highest quarterly levels in the last two years.
For the fourth quarter in a row, the IT Services/Cloud/SaaS industry was most frequently targeted by DDoS attacks, representing 29% of mitigation activity in Q3. Media and Entertainment closely followed with 26% of mitigations. The Financial and Payments sector remained a heavily-targeted industry, representing 15% of all Verisign mitigations.
DDoS attacks produce damaging consequences, including lowered customer confidence and lost revenue.
Additional notable Verisign observations from Q3 2015 included: The average attack size increased to 7.03 Gbps, 27% higher than Q2 2015; 59% of attacks peaked at more than 1 Gbps; and, 20% of attacks were greater than 10 Gbps.
Verisign believed that this distribution of attack size was an insightful metric for enterprises as they consider adoption of an on-premise, cloud or hybrid DDoS protection approach.
The size distribution suggested that, according to the report, purely based on size considerations, an on-premise DDoS appliance with a 1 Gbps capacity would be ineffective in at least 59% of the attacks, while a 10 Gbps appliance might be ineffective in handling 20%.
“Hence, a cloud or a hybrid approach to DDoS protection is recommended,” Verisign said in the report.
Verisign also noted a peak volumetric DDoS attack of 60 Gbps and 12 million packets per second for User Datagram Protocol floods, and 34 Gbps/30 Mpps for Transmission Control Protocol floods in the third quarter.
The most common attacks mitigated were Network Time Protocol, Domain Name System and Simple Service Discovery Protocol UDP floods, which collectively accounted for approximately 65% of Q3 attacks.
Another significant disclosure in the report was operating systems once thought to be more secure against malware and vulnerabilities, like Linux, Mac OS X and iOS, are increasingly the target of bot herders and malware authors for cybercrime and hacktivist activities.
The increasing number of data breaches and their consequences could soon hinder the growth of cloud-based mobile apps, according to a recent survey from the Israel-based security firm Radware. The survey revealed 87% of consumers believe cloud-based apps are vulnerable and 54% would stop using them if hacked.
Earlier this week, the Federal Financial Institutions Examination Council issued a statement, “Cyber Attacks Involving Extortion,” alerting financial institutions of the increasing frequency and severity of this particular breed of cyber attacks.
Cybercriminals and activists used a variety of strategies, including ransomware, distributed denial of service, and theft of sensitive business and customer information to extort payment or other concessions from victims, according to the alert. In some cases, these attacks had significant effects on businesses' access to data and ability to provide services. Some businesses suffered serious damage through the release of sensitive information.
Last July, the Internet Crime Complaint Center issued an alert regarding an increasing number of complaints from businesses hit by DDoS extortion campaigns via email. The FBI said it suspects multiple individuals were involved in these ransom plots. In a typical extortion campaign, the targeted business receives an email threatening a DDoS attack on the company's website unless it pays a ransom. Ransoms, usually demanded in Bitcoin currency, vary in price.
Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.
Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
- Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
Roy Urrico
Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).
