Automated bots of hijacked computers will drive cyber attack innovation in 2016, according to a report by security firm Radware.
Businesses should arm themselves with “virtual cyber armies” to counter the rise of the “internet of zombies”, the firm’s latest annual application and network security report warns.
Radware believes that in 2016, security will become less about people and more about machines, as bots become the attack weapon of choice.
This is based on the fact that over 90% of 300 companies surveyed experienced a cyber attack, and half of those attacked experienced short, intensive automated attacks – up from 27% in 2014.
Radware researchers believe these attacks, known as "burst bot attacks", will be the fastest growing type of attack in 2016.
The security firm’s emergency response team (ERT), which compiled the report, said businesses should invest in “good bots” to fight “zombie-style” advanced persistent denial of service bots.
The financial services sector is most likely to be targeted by intensive bursts of bot-hacks, because zombie-style attacks are highly effective at creating “smoke screens” to divert the security team’s attention, leaving organisations vulnerable to more sinister attacks.
This approach is also becoming increasingly common in retail and healthcare, where the data is considered to be up to 50% more valuable.
2016: Year of the Zombie
Radware predicts that persistent attacks will feature highly in 2016, as automation takes over.
“This year things will change, and the first line of defence for information security will no longer include people,” said Adrian Crawley, regional director for Northern Europe at Radware.
“As company defences continue to succumb to endless floods of sophisticated, automated attacks and new attack techniques, security officers will need to combine a virtual cyber army with skills,” he said.
According to Crawley, people cannot make decisions quickly enough to fight back on the front line. “We are approaching the fall of human cyber defences and the rise of cyber botted-defence,” he said.
Radware’s researchers found that, while 60% of businesses claim to be extremely well or very well prepared for traditional attacks, such as unauthorised access and worm and virus damage, the same proportion say they are not very prepared to fight the advanced persistent threats (APTs) that the internet of zombies brings.
Some 46% of businesses admitted they could not cope with a sustained attack that lasted longer than a day; 60% have to manually tune their security to manage each attack.
While finance is the biggest target for bot attacks, the researchers found that internet service providers (ISPs) and hosting companies attract more types of attack than any other sector.
Analysis of this trend revealed that sites deemed offensive are more commonly the target for hacktivists. By focusing a campaign on the ISPs that host such sites, hackers make their point by unleashing destructive campaigns that cause maximum disruption to thousands of other businesses that also rely on the ISP.
Attack motives a mystery
The study also shows that many companies are working blind when it comes to identifying the motivation for attacks.
“In 50% of cases, the organisations surveyed had no idea why they had been attacked,” said Crawley.
“Political hacktivism for social or ethical change was the cause in 34% of cases, angry users were behind 25% of cases and, in 27% of attacks, the competition was the perpetrator – a very common scenario in the gambling sector,” he said.
According to Crawley, the study shows that organisations have to prepare for the unexpected. “It’s a clear signal that – simply by association – your brand can be targeted, as in the case of the ISP. Even if you pride yourself on great customer service or running an ethical business, you can still find yourself in the limelight if something goes wrong – whether it’s your fault or not,” he said.
The report found some businesses are already adjusting to this reality, with 47% of those surveyed saying they invested in new technology in 2015 and overhauled processes, while 24% said they had hired the skills they need and 21% had enlisted help from outside to bridge the gap.