Twenty-five percent of distributed denial of service (DDoS) attacks that occur in 2013 will be application-based, according to Gartner, Inc.
During such incidents, attackers send out targeted commands to applications to tax the central processing unit (CPU) and memory and make the application unavailable.
"2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe, and they will grow in sophistication and effectiveness in 2013," said Avivah Litan, VP and distinguished analyst at Gartner. "A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against US banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems."
Gartner has identified some of the top 2013 criminal trends and potential safeguards and solutions for firms at risk of attack:
High-bandwidth DDoS attacks are becoming the new norm and will continue wreaking havoc on unprepared enterprises in 2013
A new class of damaging DDoS attacks was launched against US banks in the second half of 2012, sometimes adding up to 70 Gbps of noisy network traffic blasting at the banks through their Internet pipes. Until this recent spate of attacks, most network-level DDoS attacks consumed only five Gbps of bandwidth, but more recent levels made it impossible for bank customers and others using the same pipes to get to their websites.
"To combat this risk, enterprises need to revisit their network configurations, and rearchitect them to minimize the damage that can be done," said Litan. "Organizations that have a critical Web presence and cannot afford relatively lengthy disruptions in online service should employ a layered approach that combines multiple DOS defenses."
Hackers use DDoS attacks to distract security staff so that they can steal sensitive information or money from accounts
Enterprises subject to DDoS attacks should take steps to mitigate potential damage from these attacks. In particular, Gartner advocates cooperation with industry associations to share intelligence that can be acted on collectively and quickly, as well as enterprise investments in fraud prevention technology and the strengthening of organizational processes.
People continue to be the weakest link in the security chain, as criminal social engineering ploys reach new levels of deviousness in 2013
In 2012, several different fraud scams that took social engineering tactics to new heights of deviousness have been reported, including criminals approaching people in person as law enforcement or bank officers to help them through account migration that then comprised their bank accounts.
Gartner recommends deploying layered fraud prevention and identity-proofing techniques to help stop the social engineering attacks from succeeding.
In particular, fraud prevention systems that provide user or account behavioral profiling and entity link analysis are useful in these cases. Call center call analytics and fraud prevention software can be deployed to help catch fraudsters committing crimes via social engineering or by using stolen identities. Customers should also be educated on best security practices to help them avoid phishing attacks and social engineering ploys.
More detailed analysis is available in the report: Arming Financial and E-Commerce Services Against Top 2013 Cyberthreats
Hot Topic
The Latest
Enterprises today operate in a real-time environment where uninterrupted access to trusted data has become a baseline expectation for users, applications and automated systems. Traditional DataOps models, built on manual effort and human triage, cannot keep pace with this always active demand. AI agents are emerging as the operational backbone, ensuring consistent data availability, reinforcing trustworthiness and enabling a level of scale that manual processes cannot achieve ...
For decades, trust in the digital workplace rested on familiar signals. We trusted faces on video calls, voices on the phone, and emails that appeared to come from people we knew. These cues felt human and intuitive. They anchored how decisions were made, approvals were granted, and access was authorized. AI-powered deepfakes have quietly broken that model ...
Cloud migration was supposed to be a one-way door. For most enterprises, it turns out it isn't. Cloud data repatriation is a real and growing trend. A new survey ... finds that 89% of organizations plan to expand their on-premises infrastructure footprint over the next two years — and 75% have already moved at least some workloads back from public cloud in the past 24 months. The findings point to a broad rethinking of where data belongs ...
Over the past few years, large language models (LLMs) have revolutionized the software industry. Given their ability to excel at multi-step reasoning, LLMs have helped enterprises streamline workflows and adapt to the unknown. However, employing such models comes with sky-high costs, latency issues, and limited flexibility. In the realm of IT operations, it is generally wiser to employ smaller, domain-specific models instead ...
For years, DevOps teams operated under a simple assumption: collect enough telemetry, and you can find and fix any problem. That assumption is breaking down. Modern enterprises now operate across microservices, hybrid cloud environments, APIs, Kubernetes, and highly automated delivery pipelines. Releases happen continuously, dependencies shift constantly, and failures spread faster than teams can diagnose them ...
New Relic surveyed IT and engineering leaders from the media and entertainment (M&E) sector to understand what's working — and where challenges persist with their observability practices. The findings reveal how M&E organizations are navigating rising platform complexity, audience expectations, and AI-driven change. Below are five takeaways that stand out ...
Let me start with something I've seen play out more times than I can count. A team hits a wall with the cloud. Costs creep up, then spike. Performance starts to feel inconsistent. Someone in finance asks a simple question like "why did this double?" and nobody has a clean answer ... Maybe this isn't the right place for everything. That realization feels like a breakthrough, like you've identified the problem. In reality, you've just identified the starting line ...
In MEAN TIME TO INSIGHT Episode 24, Shamus McGillicuddy, VP of Research, Network Infrastructure and Operations, at EMA discusses network observability tool sprawl ...
In cloud-native systems, scaling is often as simple as moving a slider. For on-premise databases, the stakes are different. Over-provisioning hardware is expensive. Under-provisioning leads to performance bottlenecks that are difficult to fix once the equipment is in the rack ...
When most people think about cybersecurity, they picture firewalls, encryption, and access controls — technical tools designed to protect systems and data. But beneath the technology lies a deeper set of principles about trust, decision-making, and resilience ... The best leaders don't eliminate risk. They manage it intelligently. And in many ways, cybersecurity offers a surprisingly useful playbook for doing exactly that ...