Radware®, a leading provider of application delivery and application security solutions for virtual and cloud data centers, today announced the release of its 2013 Global Application and Network Security Report. The annual report indicates that Distributed Denial of Service (DDoS) attacks will continue to be a serious issue in 2014 as attackers become more agile and their tools become more sophisticated. In 2013, increasingly widespread DDoS attacks have led to detrimental service outages and service degradation, critically impacting revenue, overall customer satisfaction and brand perception. The report also reveals that attackers have become faster in defeating newly deployed mitigation tools.
Radware’s Emergency Response Team (ERT), which actively monitors and mitigates attacks in real time, developed the report. It delivers an important analysis of DoS/DDoS attacks from both an enterprise and a technical perspective and provides best practices to inform and help organizations combat network assaults. The 2013 report was compiled using data from over 300 cases handled by Radware’s ERT in 2013, a vendor-neutral security industry survey conducted by the ERT, and the newly added Executive Survey consisting of personal interviews with 15 high-ranking security executives.
“Our report indicates that DoS/DDoS attacks have increasingly become the tool of choice for cyber-hacktivist groups and will continue to wreak havoc on organizations,” says Avi Chesla, chief technology officer at Radware. “Eighty-seven percent of our respondents encountered service level issues from this style of attack. The negative impact of a service outage is already understood, but even small instances of service degradation can have harmful, lasting effects on an organization’s brand image, customer satisfaction and ultimately its bottom line.”
Key findings from the report include:
• Service Degradation is Enough to Interrupt Business. Sixty percent of survey respondents stated they experienced service degradation due to attacks in 2013. While it might not seem as detrimental as a complete shutdown, studies show that 57 percent of online consumers will abandon a site after waiting three seconds for a page to load and 80 percent of those people will not return. For service-based organizations, this can result in immediate revenue loss.
• Attackers (Quickly) Strike Back. Attackers are increasingly adapting to and defeating new defense protocols implemented by organizations through the use of new attack vectors. Using HTTP flood attacks and tools like “Kill ’em All,” attackers are dramatically shortening the mitigation cycle, sometimes to a matter of hours after resources have been deployed.
• DoS/DDoS Attacks Leave a Path of Destruction. While powerful attacks occurred in 2011 and 2012, the overall intensity of the attacks and the percentage of such attacks with high risk have increased over the last several years. DDoS attacks increased in severity by 20 percent in 2013, according to Radware’s DoS/DDoS Risk Score assessment.
• The Industry ‘Hit List’ Expands. The financial services industry joins government organizations as the sectors with the highest risk of attacks. Risk for financial services increased because hacktivist groups performed DDoS attacks, such as the continuation of Operation Ababil and those on several Bitcoin exchanges, not only for destructive purposes but also to simultaneously mask other intrusions leading to fraudulent activities. The risk of attacks on web hosting companies and Internet Service Providers also increased in 2013.
• New Attack Vectors, One Dangerous Commonality. Survey results showed that DNS attacks are now the second most frequent attack vector organizations are fighting, behind DoS/DDoS. DNS attacks appeal to attackers because they can generate massive traffic with limited resources and because their multi-layer architecture makes tracing the assailants nearly impossible. In addition to DNS attacks, other attack vectors also emerged as significant issues for organizations. Encrypted application-based attacks made up 50 percent of all web attacks. Web application login pages were hit on a daily basis for 15 percent of organizations.
“Attacks in 2014 are not slowing down. In fact, organizations need to take action now to prepare their networks, particularly in the financial and government sectors,” added Chesla. “The results of this report are a call to action, and the best way to fight back against cyber attacks is to be prepared and engage the support of cyber security experts.”
Radware’s ERT recommends the following steps to anticipate and mitigate attacks:
• Speed up mitigation time. Organizations need to ensure that they can detect attacks and deploy mitigation solutions in the shortest time possible.
• Prepare blanket coverage. With multi-vector DoS/DDoS attacks becoming more prevalent, organizations need to invest in wider attack coverage that can detect and protect against attacks of any type and size.
• Establish a single point of contact. Having either an internal security team staffed with DoS/DDoS experts or an external emergency response team that can help choose the correct mitigation options is crucial for organizations in case of an attack.
To download the complete 2013 Global Network & Application Security Report, which includes the ERT’s recommendations for how organizations can best prepare for mitigating cyber threats in 2014, please visit radware.com/ert-report-2013.
About the Radware Emergency Response Team (ERT)
Radware’s ERT is a group of dedicated security consultants who are available around the clock. As literal “first responders” to cyber attacks, Radware’s ERT members gained their extensive experience by successfully dealing with some of the industry’s most notable hacking episodes, providing the knowledge and expertise to mitigate the kind of attack a business’s security team may never have handled. Through the report, the ERT reveals how their in-the-trenches experiences fighting cyber attacks provide deeper forensic analysis than surveys alone or academic research.
Radware® (radware.com | DDoSWarriors.com) is a global leader of application delivery and application security solutions for virtual and cloud data centers. Its award-winning solutions portfolio delivers full resilience for business-critical applications, maximum IT efficiency, and complete business agility. Radware's solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down.
©2014 Radware, Ltd. All rights reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of their respective owners.
This press release may contain statements concerning Radware's future prospects that are "forward-looking statements" under the Private Securities Litigation Reform Act of 1995. Statements preceded by, followed by, or that otherwise include the words "believes", "expects", "anticipates", "intends", "estimates", "plans", and similar expressions or future or conditional verbs such as "will", "should", "would", "may" and "could" are generally forward-looking in nature and not historical facts. These statements are based on current expectations and projections that involve a number of risks and uncertainties. There can be no assurance that future results will be achieved, and actual results could differ materially from forecasts and estimates. These risks and uncertainties, as well as others, are discussed in greater detail in Radware's Annual Report on Form 20-F and Radware's other filings with the Securities and Exchange Commission. Forward-looking statements speak only as of the date on which they are made and Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware's public filings are available from the Securities and Exchange Commission's website at sec.gov or may be obtained on Radware's website.