January 2012 Was Most Intense Period of Cyber Attacks

MAHWAH, New Jersey, January 31, 2012 /PRNewswire/ –

According to network security specialists at Radware (NASDAQ:RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, the second half of January contained one of the most intense periods of cyber attacks ever.

The wave of hacks started on January 16, when pro-Palestinian “hacktivists” unsuccessfully tried over three days to bring down the Israeli stock market, national airlines, the central bank, the ministry of foreign affairs, and several major and vulnerable private banks. That was followed on January 23, when hackers loosely affiliated with the Anonymous collective crashed websites in the U.S. to protest proposed antipiracy legislation and the shutdown by authorities of the Megaupload.com web site. Among the sites attacked were the U.S. Department of Justice, the Federal Bureau of Investigation, and the White House, as well as corporations like the Motion Picture Association of America, the Recording Industry Association of America, CBS.com, Warner Music and Universal Music.

An analysis of the cyber attacks by Radware’s Emergency Response Team (ERT) notes that companies relying only on ‘one-size-fits-all’ managed security, or on on-premises security solutions alone, could not withstand the coordinated attack campaigns. The Radware ERT review of the attack traffic from several of the reported cases shows that:

  • Attackers are deploying multi-vulnerability attack campaigns, targeting all layers of the victim’s IT infrastructure – this includes the network, servers and application layers.
  • Attackers who previously used distributed denial of service (DDoS) attack tools that focused on networks have developed new DDoS tools focusing on applications.
  • Attackers are using “low & slow” attack techniques that misuse the application resource rather than resources in the network stacks.
  • Attackers have improved evasion techniques to avoid detection and mitigation, including SSL-based attacks, changing the requested page in HTTP page flood attacks, and more.

This doesn’t mean that businesses should abandon service providers when instituting DDoS protection. Radware’s ERT points out that cloud anti-DoS and CDN services should be considered the first line of defense, because they can remove the volumetric bandwidth attacks that saturate the business’s Internet links. That should be followed by a second line of defense consisting of perimeter network security capable of removing application DDoS attacks, “low & slow” DoS attacks, and SSL attacks such as Slowloris, Sockstress, SSL handshake attacks, HTTPS floods and others. Mitigating these threats requires more “intimacy” with the application layer and thus must be done on-premises. The service provider typically cannot detect these attack tools proficiently, or, even if they are detected, will not be able to accurately mitigate them.
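The point about on-premises “intimacy” is that a “low & slow” hold-open attack is only visible in per-connection state at the web edge, not in link utilisation. As an added illustration (not Radware’s code or any product’s logic), the snippet below applies a simple heuristic to a constructed snapshot of open connections, as a reverse proxy or WAF might expose it: a client with many long-lived connections that trickle a few bytes and never finish their request headers is flagged, while a single legitimately slow client and ordinary browsers are not. Thresholds and sample addresses are hypothetical.

```python
from collections import defaultdict
from dataclasses import dataclass

# One row per open HTTP connection, as an edge proxy would snapshot it.
# Constructed sample data, not real traffic.
@dataclass
class Conn:
    client: str
    seconds_open: float
    bytes_received: int
    headers_complete: bool

SNAPSHOT = [
    # Hold-open pattern: many long-lived connections from one source, each
    # receiving a few bytes and never completing its request headers.
    *[Conn("198.51.100.7", 120.0 + i, 40 + i, False) for i in range(150)],
    # Legitimate slow client on a poor link: one long connection, headers done.
    Conn("203.0.113.9", 95.0, 3_500_000, True),
    # Normal browsers: short connections with complete requests.
    *[Conn(f"192.0.2.{i}", 0.4, 900, True) for i in range(1, 40)],
]

def flag_low_and_slow(conns, min_open=30.0, max_rate=5.0, min_conns=20):
    """Return {client: stalled_connection_count} for clients that look like a
    low & slow attack: at least min_conns connections held open for min_open
    seconds or more, each receiving under max_rate bytes/second, with request
    headers still incomplete. Thresholds are hypothetical; tune them per site
    against your own slow-client baseline."""
    stalled = defaultdict(int)
    for c in conns:
        rate = c.bytes_received / max(c.seconds_open, 1e-9)
        if c.seconds_open >= min_open and rate < max_rate and not c.headers_complete:
            stalled[c.client] += 1
    return {client: n for client, n in stalled.items() if n >= min_conns}

if __name__ == "__main__":
    for client, n in flag_low_and_slow(SNAPSHOT).items():
        print(f"{client}: {n} stalled connections; candidate for a per-source connection cap")
```

A volumetric scrubbing service upstream never sees these rows, which is why the page places this class of detection on the perimeter rather than in the cloud tier.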

For more information, visit http://www.radware.com.
