According to a report from Solutionary, organizations are spending a staggering amount of money in the aftermath of an attack: as much as $6,500 per hour to recover from DDoS attacks and more than $3,000 per day for up to 30 days to mitigate and recover from malware attacks.
All of those third-party consultants, PR crews, incident response teams, mitigation software and other immediate investments add up, apparently. But other damages need to be considered as well: the report numbers don’t include revenue that may have been lost due to related systems downtime, or lost productivity.
Nor do they include the intellectual property-related costs. "Cyber criminals are targeting organizations with advanced threats and attacks designed to siphon off valuable corporate IP and regulated information, deny online services to millions of users and damage brand reputation," said Don Gray, chief security strategist with Solutionary.
Unfortunately, the likelihood of suffering such an attack is, of course, going up. They’re also becoming focused on certain arenas.
For instance, in addition to traditional network-layer attacks, a full 75% of DDoS attacks target Secure Socket Layer (SSL) protected components of web applications, the report found. The downside is that detecting and blocking attacks in encrypted protocols primarily used for legitimate traffic can be more complex than responding to historical TCP/UDP-based DDoS attacks.
Malware attacks, meanwhile, are becoming vertical-specific. The report found that 80% of attempts to infect organizations with malware are directed at financial (45%) and retail (35%) organizations. These forays frequently arrive as targeted spam email, which attempts to coerce the recipient to execute an attachment or click on an infected link.
Unfortunately, a full 54% of malware typically evades anti-virus detection. Only 46% of samples tested via VirusTotal by Solutionary were detected by anti-virus – indicating a clear need for companies to invest in multiple malware detection mechanisms.
The report also found that Java is the most targeted software in exploit kits, replacing Adobe PDF exploits. Almost 40% of total exploits in exploit kits now target Java.
When it comes to where attacks are originating, domestic IP addresses are the largest source of attacks against US organizations. “While there has been considerable discussion about foreign-based attacks against US organizations, 83% of all attacks against them originate from US IP address space, and the absolute quantity of these attacks vastly outnumbers attacks seen from any other country,” the company said. “One contributing factor is foreign attackers using compromised machines near attack targets in the US to help evade security controls. This attack localization strategy has also been observed in attacks on targets in other countries.”
Attackers from other countries focus on different industry targets – 90% of all attack activity from China-based IP addresses is directed against the business services, technology and financial sectors. And a full 85% of all attack activity from Japan-based IP addresses identified by Solutionary was focused against the manufacturing industry. However, attacks targeting the financial sector appear to originate fairly evenly from attackers in many countries across the world.
Attack techniques also vary significantly by country of origin. Among the top four non-US source countries, the majority of attack traffic from China is indicative of communication with already-compromised targeted devices, while Japanese and Canadian attackers appear to focus more on application exploit attempts. Attacks originating from Germany involve more botnet Command and Control (C&C) activity.