Database Report Reveals Increase in DDoS Attacks
Trustwave, a provider of information security and compliance solutions, has released its Web Hacking Incident Database (WHID) semi-annual report, which finds an increase in distributed denial of service (DDoS) attacks and determined that there was a lack of properly implemented anti-automation defences to ensure application availability during such attacks.
DDoS as an attack vector and a notable trend for the second half of 2010 was successful in disrupting commerce and bringing down websites of large businesses and associations. Denial of service attacks jumped to the number one attack vector, up 22%, as compared to the first half of 2010.
Website downtime is far from the traditional intended outcome of an attack, which is typically hacking for profit. As a result, most businesses were not equipped to handle such an attack because they had not tested, nor properly implemented, anti-automation defences for their web application architecture.
The study found that most businesses wrongly assume that network hardware will stop DDoS attacks, or believe their website will not be targeted by such attacks. But the increase in this attack vector proves that businesses, both large and small, should test their website limitations to better understand how their applications will respond to such an attack. As the paradigm shifts from attacking the network to attacking the application, web application firewalls can help businesses monitor application performance metrics.
“The WHID helps businesses better understand the potential business and technological impact of an attack,” said Robert McCullen, chairman and chief executive officer (CEO) of Trustwave. “Such research enables informed and accurate decisions to protect and secure online commerce.”