As Easter approaches, millions of Catholics are devoting their attention to Jesus. But the nefarious hacking group known as Anonymous, which refuses to give up its position in the tech news headlines, is devoting its attention to distracting the Catholics by attacking the Vatican's Web site.
The Vatican's main Web site was down on Wednesday after a group claiming affiliation with Anonymous launched an attack on the online venue. The motive: to protest Catholic doctrine, the burning of books during the Inquisition, and the sexual abuse of children by priests.
Beyond sites like Panda Software, which Anonymous also hit earlier this week, the Vatican and other targets, the network security firm Corero is warning that DDoS attacks are a competitive weapon of choice for unscrupulous online businesses. First, let's explore the attack on the Vatican site.
Anonymous Getting Savvier
"The DDoS attack on the Vatican Web site may be a response to a recently published analysis by security company Imperva, which assisted the Vatican in defending against an unsuccessful hacking campaign, including an ineffective DDoS attack, by Anonymous last summer," said Neil Roiter, research director at Corero.
As Roiter sees it, the fact that this attack achieved some success shows that Anonymous may have improved its techniques since then, and underscores the need for effective DDoS defense technologies and programs.
"We should not lose sight of the fact that according to the analysis, the primary aim of last summer's campaign was to steal confidential information. DDoS attacks are commonly used as smokescreens to launch other attacks," Roiter said. "This was the case in the Sony PlayStation Network attack in which some 77 million customer records were stolen."
Online Businesses Beware
New Corero research among IT directors in 200 mid- to large-sized enterprises in the United States found that unfair business practices trumped "hacktivism" as the reason cited for DDoS attacks. Specifically, the poll showed 63 percent of IT directors were highly concerned about the threat of a DDoS attack, with 38 percent of the companies hit by at least one attack in the last 12 months.
"Hacktivists are a threat to anybody who touches on public policy, privacy around the Internet and, of late, anybody in law enforcement, but the average business will never find itself in the sights of groups like Anonymous, whereas every business has competitors," said Richard Stiennon, chief research analyst at IT-Harvest. "These new low-and-slow application-layer attacks are ideal for competitors seeking to disrupt business activity."
It's Not About the Money
Unfair business advantage was cited as the leading source of DDoS attacks reported by victim companies in each vertical surveyed: financial services (62 percent), retail (47 percent) and manufacturing (46 percent). The research also found that financial extortion, the threat of DDoS for ransom money, was the least frequent motive for DDoS attacks, with enterprises citing it 12 percent of the time.
"As businesses grow increasingly dependent on the Internet to reach customers and interact with partners and suppliers, so the attackers grow more sophisticated in their means of attack," Roiter said. "This research reveals that enterprises across verticals are justifiably concerned about being targeted by DDoS attacks, and they should be particularly wary of the new low-and-slow application-layer attacks, which appear to be legitimate and fly under the radar."