Printer Friendly

Gartner: Application-based DDoS attacks on the rise.

According to a new report from Gartner , hackers are adapting distributed denial of service ( DDoS ) attacks and combining these with social engineering tactics to try and infiltrate banks.

The report, called Arming Financial and E-Commerce Services against Top 2013 Cyberthreats , says that 25 percent of DDoS attacks to take place this year will be application-based.

Gartner said hackers send out targeted commands, which put strain on the central processing unit (CPU) and make the application unavailable.

Hackers use DDoS attacks primarily to distract security staff so that they can steal information or money from accounts, the analyst firm said.

According to Gartner US distinguished analyst Avivah Litan, this new class of application-based DDoS attacks were first targeted against banks in the United States during the second half of 2012.

"These attacks sometimes added up to 70 gigabits per second [Gbps] of noisy network traffic blasting at the banks through their Internet pipes," she said in a statement.

"Until this recent spate of attacks, most network-level DDoS attacks consumed only five Gbps of bandwidth, but more recent levels made it impossible for bank customers and others using the same pipes to get to their websites."

To combat this risk, Litan said financial services organisations should look at network configurations and re-architect these configurations to minimise the damage.

For example, the companies should employ a layered approach that combines multiple DOS defences.

"Gartner advocates co-operation with industry associations to share intelligence that can be acted on collectively and quickly, as well as enterprise investments in fraud prevention technology and the strengthening of organisational processes," she said.

Turning to the social engineering aspect of these new attacks, Gartner's cyber threats report included examples of criminals who have approached people posing as law enforcement agents or bank officers to help them through account migration. The people's bank accounts were then compromised by the criminal.

"Gartner recommends deploying layered fraud prevention and identity-proofing techniques to help stop the social engineering attacks from succeeding," Litan said.

"In particular, fraud prevention systems that provide user or account behavioural profiling and entity link analysis are useful in these cases."

According to Litan, call centre call analytics and fraud prevention software can be deployed to help catch fraudsters committing crimes via social engineering or by using stolen identities.

In addition, banks should educate customers about best security practices to help them avoid phishing attacks and social engineering ploys.

Corporate Publishing International. All rights reserved.

Provided by an company
COPYRIGHT 2013 Al Bawaba (Middle East) Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2013 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Publication:Computer News Middle East
Date:Feb 26, 2013
Previous Article:LG buys webOS rights from HP.
Next Article:Huawei unveils 'world's fastest smartphone'.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters |