
SecurityWeek


DDoS Attacks Widespread in Financial Industry, Survey Finds

Since Operation Ababil began, the websites of banks such as CitiGroup and Wells Fargo have faced periodic bombardment from attackers. But while the big-name banks may garner most of the headlines, the problem of distributed denial-of-service (DDoS) attacks against the financial industry is more widespread than some may think.


According to a new study by the Ponemon Institute, 64 percent of IT staffers surveyed said their banks have suffered at least one DDoS attack in the last 12 months. The study fielded responses from 650 respondents at 351 banks and yielded a sobering statistic – 78 percent believe DDoS attacks will continue or significantly increase in 2013.

“It really comes as no surprise that DDoS attacks are one of the most severe security risks cited by the banking industry and these results clearly demonstrate the level to which they are being targeted on a continued basis,” Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. “When such an attack occurs, the time and efforts of IT staff are devoted to dealing with the problem instead of managing other IT operational and security priorities. This leaves financial institutions open to more dangerous attacks that further compromise their infrastructure.”

The situation is made more problematic by attackers' ongoing efforts to stay a step ahead of security professionals. The latest spate of attacks tied to Operation Ababil this year, for example, involved compromising a web server in order to redirect traffic from legitimate sites to sites the attackers wanted to take down.

DDoS attacks are lasting longer and getting more complex, noted Avi Chesla, chief technology officer at Radware, in a statement.

According to Radware’s 2012 Global Application and Network Security Report, server-based botnets, attack toolkits, encrypted layer attacks and attacker-for-hire services are all among the new strategies being utilized in DDoS attacks.

Using its Advanced Persistent Threat score, Radware found that 58 percent of attacks in 2012 scored a 7 or higher in complexity, more than twice the 23 percent that scored that high in 2011. More than 70 percent of the attacks in 2012 had scores of 3 or higher.

According to the Ponemon study, almost half of the respondents (48 percent) said their banks have suffered more than one DDoS attack during the past year. When asked about the barriers impacting their response, 50 percent listed insufficient personnel and expertise and a lack of effective security technology as the most critical concerns.


“The belief that traditional perimeter security technologies such as firewalls are able to protect against today’s DDoS attacks is lulling not only financial institutions but organizations across every sector into a false sense of security,” said Marty Meyer, president of Corero Network Security, which commissioned the Ponemon study. “Many organizations assume traditional firewalls can provide protection against DDoS and zero-day exploits at the perimeter, yet this is not what they were designed to do and therefore attacks are still getting through.”

Written By

Marketing professional with a background in journalism and a focus on IT security.
