Banks will face increasing massive-scale DDoS attacks from hacktivists this year, in addition to the smaller-scale DDoS attacks used by cybercriminals to distract IT teams from detecting theft, predicts market research firm Ovum.
A distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to legitimate users.
In a typical DDoS attack, the assailant begins by exploiting a vulnerability in one computer system and making it the DDoS master. The attack master, also known as the botmaster, identifies and infects other vulnerable systems with malware. Eventually, the assailant instructs the controlled machines to launch an attack against a specified target.
There are two types of DDoS attacks: a network-centric attack, which overloads a service by using up bandwidth, and an application-layer attack, which overloads a service or database with application calls. The inundation of packets to the target causes a denial of service. While the media tends to focus on the target of a DDoS attack as the victim, in reality there are many victims in a DDoS attack: the final target as well as the systems controlled by the intruder. Although the owners of co-opted computers are typically unaware that their computers have been compromised, they are nevertheless likely to suffer a degradation of service and poor performance.
A computer under the control of an intruder is known as a zombie or bot. A group of co-opted computers is known as a botnet or a zombie army. Both Kaspersky Labs and Symantec have identified botnets — not spam, viruses, or worms — as the biggest threat to Internet security.
“DDoS attacks have undergone significant evolution over the past year. On the one hand they have grown larger, even while their average individual duration has actually decreased,” observed Rik Turner, senior analyst for financial services technology at Ovum.
“Attacks the size of those mounted in Operation Ababil are still the outliers rather than the norm,” Turner added.
Operation Ababil involved a series of coordinated DDoS attacks against U.S. banks carried out in the fall of 2012. Bank of America, JPMorgan Chase, Wells Fargo and PNC Bank were the primary targets of the attacks, which disrupted service to their online banking portals.
Cyber threat information sharing carried out by the Financial Services Information Sharing and Analysis Center helped thwart the campaign, which was carried out by a group calling itself Izz ad-Din al-Qassam Cyber Fighters.
Turner noted that banks will continue to face more targeted DDoS attacks, particularly those from cybercriminals intent on stealing money: “We have seen a trend of DDoS attacks being blended into other activities in order to throw banks off the trail of more financially motivated exploits. By employing a DDoS alongside an account hacking attack, the criminals hope to enjoy more time to transfer funds and remove traces of their activities.”
Turner recommends that banks consider cloud-based security products to help them deal with large-scale DDoS attacks and filtering to help with more targeted attacks.
Read more of this article and find other worthy stories at fierceitsecurity.com