The number of companies under constant cyber-attack has rocketed from four percent last year to 19 percent today, and it's no longer a one-off but a deliberate method of attack – yet more than half of companies (52 percent) in a recent survey* say that they do not have the resources to tackle around-the-clock attacks for more than a day.
Talking to SCMagazineUK.com on the launch of Radware's 'Ring of Fire' survey (2014-2015 Global Application & Network Security Report), which tracks cyber attacks and predicts the likelihood of attack on major industries, Adrian Crawley, regional director for the UK and Ireland at Radware, explained: “It's a mix of volumetric network attacks as well as application attacks – about 50:50. The volumetric attacks are increasingly using DNS amplification and reflection techniques so that minimal information is initially sent, but it's amplified 100, or even 300 times. It's easy to do and attacks are rising from 10GB to 50GB, with many up to 100GB and some even larger. They are also lasting longer and some organisations are under constant attack. They are larger, last longer and use a mix of vectors.”
It was also noted that these attacks are dynamic, with Crawley citing one retailer that blocked all traffic from Russia during an attack, only for the attackers to change location on the fly so that the attacks then came from China.
Sarb Sembhi, director at STORM Guidance, commented to SCMagazineUK.com: "The trend is that attacks will be far more sustained than in the past, especially DDoS. With increasing use of broadband, going forward, companies that didn't use to need instant response will need to look at getting that capability – and this trend will continue."
Among leading targets are ISPs and hosting companies. As Crawley explained: “Although ISPs are set up to handle volume attacks, these attacks do cause degradation in the network and create a distraction so that lower-volume, specific application-level attacks occur at the same time. And the attackers use tools to automatically change the type of attack as the attack goes on.”
Sembhi adds: “ISPs and hosting companies are attractive targets as, with EU rules on data retention, if you hack an ISP or hosting company, for every customer, there are also their customer details so it's a high-value target.”
For other companies, off-loading volumetric attacks to the cloud is seen as a good response, but Crawley emphasises that a multi-layered approach is needed, as there will still be application attacks – such as Slowloris – which look like real users and go for the server, so it's necessary to tackle both types of attack.
For the same reason Crawley notes that: “It's necessary to have the right personnel and not just rely on technology – whether that's in-house staff or external emergency response teams. You do also need automated processes to protect and mitigate attacks, with an emphasis on reducing time to mitigation via automation, down to around 10 seconds using some providers. But you still face zero-day exploits and that's where you need intelligence as well as technology.”
The only vertical becoming less critical was financial services. This is not because financial firms are less under attack but because they have taken measures to tackle the problem over the past two years, and they had the capability to employ people and deploy technology. The Ababil operation, which lasted seven months, and legislation in the US and UK have also given firms more incentive to come up with DDoS attack mitigation solutions. So while financial services do face more sophisticated attacks, including encrypted attacks, they are less targeted as attackers go for the low-hanging fruit.