Service-denying attacks against financial services websites increased dramatically in quantity and intensity in the first quarter, a security company reported.
A nearly 80-fold increase in packets of malicious traffic was recorded from the fourth quarter 2011 to the first quarter of this year, Prolexic Technologies said Wednesday in its quarterly report on distributed denial of service attacks, or DDoS. Mitigated attack traffic targeting the financial services sector was 65 terabytes of data and 1.1 trillion packets, compared to 19.1 TB and 14 billion packets in the previous quarter.
While attacks intensified, their length of time fell to 40 hours in the first quarter from 50 hours in Q4, an indication that attackers were using shorter, stronger bursts of traffic in DDoS campaigns. "The considerable increase in attack intensity also indicates that attackers are evolving their strategies, increasing their firepower and focusing on specific targets such as financial services," the report said.
The stats were compiled by the Prolexic Security Engineering and Response Team, based on DDoS attacks they managed to redirect from clients. The team logged a 25 percent rise in the total number of attacks year to year in the first quarter, while the duration shortened to 28.5 hours from 65 hours.
January was the most active month, accounting for 41 percent of the quarter's total number of attacks. March was the least active.
China reclaimed its traditional position as the leading originator of attacks with the Unites States number two, followed by Russia. Japan, which topped the list last quarter, fell to 26th place. Japan's descent was expected, given last quarter's ranking was a "one-time anomaly," the report said.
In looking at the rest of the year, Prolexic said it expected to see an increase in Mac OS X botnets behind DDoS attacks, now that the Apple platform has gained sufficient market share. This week, Apple went on the offensive against a recently discovered botnet comprised of 600,000 malware-infected Macs. The computer maker said it was searching for the command-and-control servers and asking Internet service providers to take them offline.