In the face of an ever-evolving cybersecurity landscape, researchers at Radware® (NASDAQ: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, have identified a number of new attack methods representative of today’s increasingly sophisticated and severe distributed denial of service (DDoS) threat. Radware’s 2012 Global Application and Network Security Report highlights server-based botnets and encrypted layer attacks as just two of the new attack tools challenging organizations during DDoS attacks. Most recently, these tactics were leveraged by perpetrators in the attacks against U.S. financial institutions that have been ongoing since September 2012.
Prepared by Radware’s Emergency Response Team (ERT) which actively monitors and mitigates attacks in real-time, the in-depth research report also found that while security organizations have focused their efforts and attention on the pre and post-phases of defense, attackers now launch prolonged attacks that last days or weeks. This has created a vulnerable blind-spot as defenders lack the capabilities and resources to mitigate attacks in the “during” phase which attackers can exploit to their advantage.
“The Radware ERT sees hundreds of DoS/DDoS attacks each year, and we’ve found attacks lasting more than one week have doubled in frequency during 2012,” says Avi Chesla, chief technology officer at Radware. Through empirical and statistical research coupled with front-line experience, our team identified trends that can help educate the security community.
“Through highlighting significant trends found in this report, our goal is to provide actionable intelligence to ensure organizations can better detect and mitigate these threats that plague their network infrastructure,” adds Chesla.
The insider threat is not really a cybersecurity problem or a data analytics issue; it's a human risk problem that can only be solved by understanding how people think and behave. ... More >>
Organizations need to take a more structured approach to analyzing the security impacts of recent trends and prioritizing their security investments. ... More >>
While most ransomware reports have focused on phishing as the conduit for infection, organizations can fall victim in alternative ways. ... More >>