Radware, a leading provider of cyber security and application delivery solutions, today announced the release of its Global Application and Network Security Report 2015-2016, which highlights that the age of the ‘Internet of Zombies’ is upon us.
In the last year, over 90% of companies surveyed experienced a cyber attack. Half of all businesses attacked said they had experienced burst bot attacks, a short but intensive form of automated attack, up from 27% in 2014. Radware’s Emergency Response Team (ERT), which compiles the report using insight from dealing with attacks, complex analysis of the ‘dark web’ and input from over 300 companies*, believes that ‘burst bots’ will be the fastest growing type of attack in 2016. It’s warning businesses to ensure they invest in ‘good bots’ to fight the relentless ‘zombie’ style Advanced Persistent Denial of Service (APDoS) bots that attackers can leave to run for days, even weeks, at a time.
The financial services sector is most likely to be targeted by intensive bursts of bot-hacks because zombie style attacks are highly effective at creating ‘smoke screens’. This diverts the security team’s attention away, leaving them vulnerable to further attacks that are more sinister such as extortion or theft of customer data.
This approach is also becoming increasingly common in retail, and healthcare where the data is considered to be up to 50% more valuable. Radware’s ERT predicts that persistent attacks will feature highly this year as automation takes over.
Adrian Crawley, regional director for Northern EMEA at Radware, believes that as hacking becomes more automated, businesses will need to find ways to fight the ‘Internet of Zombies’, “This year things will change and the first line of defence for information security will no longer include people. As company defences continue to succumb to endless floods of sophisticated, automated attacks and new attack techniques, CSOs will need to combine a virtual cyber army with skills. People are simply not equipped to make the decisions quickly enough to fight back on the front line. We are approaching the fall of human cyber defences and the rise of cyber botted-defence. The age of the Internet of Zombies is here and businesses will need to quickly adapt their approach.”
Businesses’ preparedness is mixed: 60% state they are extremely or very well prepared for the traditional attacks like unauthorised access and worm and virus damage, yet the same proportion say they are not very prepared to fight the Advanced Persistent Threats (APT) that the Internet of Zombies brings. 46% of businesses admitted they couldn’t cope with a sustained attack that lasted longer than a day and 60% have to manually tune their security to manage each attack.
While finance is the biggest target for bot attacks, ISPs and hosting companies attract more types of attack than any other sector. Analysis on this trend by Radware’s ERT team has uncovered that sites that are deemed ‘offensive’ are more commonly the target for hacktivists. By focusing a campaign on the ISPs that host such sites, hackers make their point by unleashing destructive campaigns that cause maximum disruption to thousands of other businesses that also rely on the ISP.
The study also shows that many companies are working blind when it comes to identifying the motivation for attacks. Adrian explains: “In 50% of cases the organisations surveyed had no idea why they had been attacked, political hactivism for social or ethical change was the cause in 34% of cases, while angry users were behind 25% of cases. In 27% of attacks the competition was the perpetrator – a very common scenario in the gambling sector.
“These findings tell us that you have to prepare for the unexpected. It’s a clear signal that simply by association your brand can be targeted, as in the case of the ISP. Even if you pride yourself on great customer service or running an ethical business you can still find yourself in the limelight if something goes wrong whether it’s your fault or not.”
Some businesses are responding – 47% invested in new technology in 2015 and the same overhauled processes, while 24% of businesses hired the skills they need, with 21% enlisting help from outside the company to bridge the gap.
This article was orginally posted in totaltele.com
future of cybersecurity 