Distributed denial-of-service attacks increasing in 2012: Study

Financial services companies experienced a dramatic increase in distributed denial-of-service attacks during the first quarter of 2012 compared with the fourth quarter of 2011, according to a report issued by Prolexic Technologies Inc.

The Hollywood, Fla.-based company, which protects firms against distributed denial-of-service attacks, based its report on its own client data.

A distributed denial-of-service attack is when several compromised systems attack a single target, causing a denial of services for the targeted system's users. The flood of incoming messages to the target system essentially forces it to shut down, which denies service to the system's legitimate users.

Prolexic said that, among its clients, mitigated attack traffic targeting the financial services industry increased to 65 trillion bits of data and 1.1 trillion packets in the first quarter of this year from 19.1 trillion bits of data and 14 billion packets of malicious traffic in 2011's fourth quarter.

The average duration of an attack campaign decreased to 40 hours in 2012's first quarter from 50 hours in 2011's fourth quarter, according to the report.

“The reduction in attack campaign duration, combined with an increase in mitigated bytes and packets, indicates that attackers are using shorter, stronger bursts of traffic to conduct” distributed denial-of-service campaigns, says the report.

“The considerable increase in attack intensity also indicates that attackers are evolving their strategies, increasing their firepower, and focusing on specific targets, such as financial services,” the report says.

Comparing year-ago figures, the Prolexic Security Engineering and Response Team also reported a 25% increase in the total number of attacks in this year's first quarter compared with the same period a year ago. The average attack duration declined to 28.5 hours in the first quarter of 2012 compared with 65 hours in 2011's first quarter.

January was the most active month for distributed denial-of-service attacks, accounting for 41% of the quarter's total attacks, although the most active week of the quarter was Feb. 12-19.

The largest number of attacks originated from China, followed by the United States and Russia.

The report predicts more targeted attacks.

“Traditionally, malicious attackers have spent little time customizing their toolkits to target specific applicators for a given target,” says the report. “In 2011, that changed,” and the Prolexic team “observed a number of attacks that targeted specific applications.” This trend is continuing this year, it says.

Copies of the Prolexic Attack Report Q1 2012 can be downloaded at here.