April 12, 2012 at 2:58 PM ET
Distributed denial-of-service attacks on financial firms increased 25 percent in the first quarter of this year, compared to the first quarter of 2011, and will likely only increase, says a security firm.
"The arms race in this is advancing rapidly," Neal Quinn, chief operating officer of Prolexic Technologies, told msnbc.com. "In the past, DDoS was just one tool to use" by attackers; "in the last 12 months, we have seen DDoS explode as the main attack tool."
DDoS attacks basically are executed when remote computers overwhelm a site with data, making it unavailable to visitors, essentially crippling a site. In the past 18 months, high-profile DDoS attacks have been carried by hacktivist group Anonymous against government and private industry websites.
Prolexic, which says it represents "more than 10 of the worlds largest banks due to market capitalization," notes in a new report that while it saw "an almost threefold increase in the number of attacks against its financial services" clients, there also was a "3,000 percent increase in malicious packet traffic" in the first quarter of this year compared to last. "The company also mitigated more attack traffic this quarter than it did in all of 2011."
China leads the way as the country from where DDoS attacks originate, followed by the U.S., Russia, then India.
"This quarter, a total of 230 countries were analyzed as source locations for infected hosts and now include locations such as Cook Islands, Somalia and Holy See (Vatican City State)," Prolexic said in the report.
Another fascinating and frightening figure: The duration of DDoS attacks is getting shorter: 28.5 hours, in the first quarter of this year, compared to 65 hours in the first quarter of last year.
There could be several reasons for that, Quinn said. It may be because hackers have "more targets to go after, that (attack) tool kits are changing or there are more players coming in."
But it could also mean hackers are getting savvier: "One reason to shorten duration is to avoid being captured," he said. "The longer you sustain any kind of security event, the more likely you are to be found out."