Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

BANKS NEED TO REACT TO EVOLVING THREAT OF DDOS ATTACKS

Rik Turner, Senior Analyst, Financial Services Technology OVUM
Rik Turner, Senior Analyst, Financial Services Technology OVUM

As DDoS attacks become more varied, banks must start to look at cloud-based security for protection

With politically motivated hacktivists emerging as a new security concern alongside the more traditional hackers seeking financial gain, the nature and scale of DDoS attacks have changed greatly according to Ovum. New research* from the global analysts indicates that banks in 2014 will be caught between massive-scale DDoS attacks from hacktivists and smaller, smarter financially motivated exploits that use DDoS to avoid detection.

Rik Turner, senior analyst, financial services technology Ovum comments: “DDoS attacks have undergone significant evolution over the past year. On the one hand they have grown larger, even while their average individual duration has actually decreased. Attacks the size of those mounted in Operation Ababil [a coordinated series of DDoS assaults on websites of US financial institutions launched in September 2012] are still the outliers rather than the norm.

“However, given the availability of ever larger and cheaper botnets, Operation Ababil points in one direction that DDoS can go. Another is to harness more sophisticated technologies, such as headless browsers, that enable relatively small attacks that are of a shorter duration to go undetected and potentially wreak their own kind of havoc on a bank’s website. Finally we have seen a trend of DDoS attacks being blended into other activities in order to throw banks off the trail of more financially motivated exploits. By employing a DDoS alongside an account hacking attack, the criminals hope to enjoy more time to transfer funds and remove traces of their activities.”

Given the increasing variation, a multilayered approach to DDoS mitigation will become necessary. Part of a bank’s infrastructure can address the more sophisticated, finely targeted attacks with filtering, while another part can address the blunt instrument of a volumetric attack through absorption tactics. Cloud-based security solutions in particular will play a large role in helping banks secure themselves against volumetric DDoS attacks, especially given the high upfront costs involved in adding bandwidth and infrastructure on premise  at a time when banking budgets are under intense scrutiny.