DDoS Attack Specialist Archive

Trading halt issued.

There may be further volatility ahead for the digital peer-to-peer currency Bitcoin today, as the largest exchange, Mt Gox has again come under a denial of service attack.

The exchange conducted network maintenance overnight Australian time, taking systems offline, and said on its Facebook page it came under attack shortly after.

Mt Gox halted trading yesterday for a 12-hour period, to allow the overheated Bitcoin market to cool down.

“Orders will not be accepted for the moment as we need to upgrade our database to accommodate the trading volume,” the exchange said, adding that customers could cancel pending and open orders.

Trading is expected to resume at 11 am Japanese time (12 noon AEST) today.

Yesterday’s crash in the value of Bitcoin was not caused by a denial of service attack on Mt Gox, however. Instead, it was the trader not having the capacity to deal with demand.

“Indeed the rather astonishing amount of new accounts opened in the last few days … plus the number of trades made a huge impact on the overall system that started to lag,” Mt Gox said.

“As expected in such situation people started to panic, started to sell Bitcoin in mass (Panic Sale) resulting in an increase of trade that ultimately froze the trade engine.”

Mt Gox said the number of executed trades tripled in the past 24 hours and 75,000 new accounts were opened in the first few days of April. The exchange claims to have 20,000 new accounts opened every day.

As Mt Gox controls an estimated 80 percent of the Bitcoin exchange market, the effect of the slowdown in trades led the value of the digital currency to drop sharply, as panic set in.

The value of the currency dropped from US$266 to the BTC, to as low as US$105. A brief rally that had Bitcoin testing the US$200 level petered off, and the currency is now trading at approximately US$125.

For protection against your eCommerce site click here.

Source: http://www.itnews.com.au/News/339587,largest-bitcoin-exchange-under-fresh-dos-attack.aspx

For tiny First Landmark Bank in Marietta, Ga., cybersecurity is a priority, even though smaller financial institutions have not yet been prime targets for recent distributed-denial-of-service attacks against banking institutions.

Because the community bank’s leaders fear the institution could eventually be a target for a cyber-attack, they are taking a proactive approach to mitigate potential risks – an approach that others should emulate.

First Landmark Bank, which has only $182 million in assets, is working with its core processor, Fiserv, and third-party service providers, such as CSI, to ensure its online-banking channel is secure. The bank is leaning on numerous vendors because relying solely on Fiserv alone would not meet its needs, says Leigh Pharr, senior vice president.

More community banking institutions should embrace this approach. Too many of them lean too heavily on their core processors alone for security, technical support and intrusion testing services. Doing so invariably leaves gaps.

Small banking institutions have to depend on third parties to keep them abreast of emerging fraud schemes and attack trends, such as DDoS. Without that open communication, banks like First Landmark would be in the dark.

DDoS: Every Institution’s Worry

Federal banking regulators have warned community institutions they have obligations to take emerging cyber-risks seriously. And the National Credit Union Administration issued its own DDoS warning for credit unions in February.

But many community banks and credit unions don’t know where to start.

First Landmark, however, knew from its founding in 2008 that it had to outsource most of its information technology and security management, says Leigh Pharr, the bank’s senior vice president.

“As we were organizing the group, there were only five of us, and none of us had true IT or technology experience,” she says. “We knew the best thing we could do was go out and hire vendors that are on bleeding edge.”

First Landmark’s management has, from the beginning, understood the need for strong security, Pharr says. And this understanding has helped propel the bank ahead of other similarly-sized institutions in its dedication to security.

“We are very fortunate in that senior management here and our president are very in-tune with DDoS attacks, and we keep all of our employees well-educated on what might happen, what can happen,” Pharr says.

If more community banks had that kind of buy-in from management, then security investment challenges would be less of an issue. But many smaller institutions have their leadership spread too thin to make cybersecurity a priority.

Core Processor’s Role

Fiserv provides First Landmark with bulletins and alerts about emerging risks and DDoS attacks, Pharr acknowledges. “They tell us what to be on the lookout for. They give us the information about the attacks that they identified – and one recently was DDoS.”

But the bank is turning to others for technical support on data security issues.

“While we do rely on our core processor to provide us with all of the technical, online banking products, we are not satisfied that is all we need to ensure we are secure and that our accounts are protected,” Pharr says. “That’s why we have hired other third party providers [such as CSI] to come in and test our systems – try to break us. Because of that, I feel comfortable that our network is secure and monitored.”

Cyber-attacks are not going away. Phishing schemes and DDoS strikes are only going to become more prevalent and complex. And community banks need all of the support they can get, from numerous sources – especially core processors.

As the managers of online-banking platforms for the majority of small and mid-tier banking institutions throughout the U.S., core processors have a responsibility to ensure their institution customers are protected and are investing in up-to-date solutions.

The DDoS attacks that major U.S. banking institutions are now battling are continuing to evolve. Smaller banking institutions should follow First Landmark’s example and take proactive steps today to ensure they are adequately mitigating their DDoS risks.

For protection against your eCommerce site click here.

Source: http://www.bankinfosecurity.com/blogs/small-banks-prepping-for-ddos-attacks-p-1449

 

If you’ve had issues lately with your Internet being slow, it’s because the Internet is undergoing the biggest DDoS attack in its history. If you can’t reach Netflix, or are having difficulties accessing other sites, then it might be due to this huge online fight between CyberBunker, a Dutch hosting company, and Spamhaus, an anti-spam group. This Web war began when Spamhaus blacklisted the Dutch company as spammers. If the cyberattacks escalate, security experts told the New York Times that “people may not be able to reach basic Internet services, like e-mail and online banking.”

Steve Linford, chief executive for Spamhaus, told BBC that the scale of this cyberattack has been “unprecedented. These attacks are peaking at 300 gb/s (gigabits per second). Normally when there are attacks against major banks, we’re talking about 50 gb/s.”

The attacks have been ongoing since March 15 and are “being investigated by five different national cyber-police-forces around the world.” Companies like Google “made their resources available to help ‘absorb all of this traffic’.” Linford added, “They are targeting every part of the internet infrastructure that they feel can be brought down. We can’t be brought down. Spamhaus has more than 80 servers around the world. We’ve built the biggest DNS server around.” The anti-spam group alleged that “Cyberbunker, in cooperation with ‘criminal gangs’ from Eastern Europe and Russia, is behind the attack.”

Last week, when CloudFlare first talked publicly about the DDoS attacks on Spamhaus, CloudFlare CEO Matthew Prince explained, “These very large attacks, which are known as Layer 3 attacks, are difficult to stop with any on-premise solution. Put simply: if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn’t matter what intelligent software you have to stop the attack because your network link is completely saturated.” CloudFlare relied on Anycast, which “means the same IP address is announced from every one of our 23 worldwide data centers. When there’s an attack, Anycast serves to effectively dilute it by spreading it across our facilities.” When Spamhaus was back online, the spam-fighting group said “they were DDoS’d by Russian spam gangs.”

“Millions” of people surfing the Web might be affected by these cyberattacks that are exploiting the Domain Name System (DNS), the “Internet’s core infrastructure.” It “functions like a telephone switchboard for the Internet. It translates the names of Web sites like Facebook.com or Google.com into a string of numbers that the Internet’s underlying technology can understand. Millions of computer servers around the world perform the actual translation.” Linford told the BBC, “The attack’s power would be strong enough to take down government internet infrastructure.” International Business Times added that the congestion “threatens critical infrastructure” systems.

“These things are essentially like nuclear bombs,” Prince told the New York Times. “It’s so easy to cause so much damage.” Patrick Gilmore, chief architect at Akamai Networks, added, “It is the largest publicly announced DDoS attack in the history of the Internet.”

Regarding CyberBunker, Gilmore said, “These guys are just mad. To be frank, they got caught. They think they should be allowed to spam.”

CyberBunker says it will host anything except child porn and terrorism-related content; it became the host for The Pirate Bay in 2009. It is housed in a five-story former NATO bunker. Built in 1955, NATO used the building as a “radio base band relay station and for local espionage and counter-espionage.” The building “comprises tunnels and operations rooms on four levels, one above ground designed as a decontamination area and three underground, with five-meter-thick reinforced concrete outer walls.” The facility “was constructed to operate in an energy saving capacity, totally cut off from the outside world, for over 10 years. Up to 72 people could survive in the bunker.” CyberBunker said that a Dutch SWAT team previously attempted to breach the building, but “it must not have occurred to the officers that the blast doors were designed to withstand a 20 megaton nuclear explosion from close range.”

CyberBunker disputes Spamhaus’ claims that it is “designated as a ‘rogue’ host and has long been a haven for cybercrime and spam.” The Dutch host told Bloomberg, “The only thing we would like to say is that we do not, and never have, sent any spam.” Current operator of the CyberBunker, Sven Olaf Kamphuis, said, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” He claimed that Cyberbunker is “retaliating against Spamhaus for ‘abusing their influence’. Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet. They worked themselves into that position by pretending to fight spam.”

For DDoS protection click here.

Source: http://blogs.computerworld.com/cybercrime-and-hacking/21967/biggest-ddos-attack-history-slows-internet-breaks-record-300-gbps

Wells Fargo & Co on Tuesday said its online banking website was experiencing an unusually high volume of traffic that it believes stems from a denial-of-service cyber attack.

“The vast majority of customers are not impacted and customer information remains safe,” said Bridget Braxton, a spokeswoman for the fourth-largest U.S. bank by assets. Customers who have trouble should try logging in again because the disruption is usually intermittent, she said.

Since September, a hacker activist group called the Izz ad-Din al-Qassam Cyber Fighters has said it was launching denial of service attacks against major U.S. banks. These attacks can disrupt service by deluging websites with high traffic.

In a posting Tuesday on pastebin.com, the group listed Wells Fargo as one of the banks “being chosen as a target.” In December, Wells customers had trouble accessing the website for four days.

In its annual report filing last month, Wells said it had not experienced any “material losses” related to cyber attacks but that enhancing its protections remained a priority.

For DDoS protection click here.

Source: http://www.huffingtonpost.com/2013/03/26/wells-fargo-cyber-attack_n_2958093.html

Distributed denial-of-service attacks aim to bring portions of a network down by bombarding the network with requests, and U.S. financial institutions have been prime targets, hit by attacks that rendered their websites unavailable to customers.

These five tips can help maintain your financial institution’s network and cyber security posture while decreasing the risk and potential collateral damage of DDoS attacks.

Start with the Basic Security Objectives

Financial enterprises should consider implementing controls as they relate to the three main tenets of information security, the CIA triad. These principles are confidentiality, integrity and availability and are the foundation of any information security policy infrastructure.

Confidentiality refers to the safeguarding of sensitive or classified data; integrity refers to keeping the original data unadulterated and intact; and availability refers to the resources and data that need to be continuously available to authorized parties to maintain day-to-day business.

While the CIA triad is important for every network, it is especially vital for the financial sector where classified data can consist of personal information that must be protected due to regulatory compliance.

Implement an Effective Security Information Management Solution

Another early stage security measure is utilizing a highly effective Security Information Management solution or Security Information and Event Management solution. The exact solution depends largely on the size and needs of your financial enterprise, and both are designed to increase the visibility of telemetry within the enterprise network or on its boundaries.

A SIM solution carries out the collection, storing, alerting and reporting on the data whereas SIEM solutions combine SIM with a Security Event Management component that processes logs in order to create alerts from connected events.

Both solutions have a wide range of capabilities, including compliance-related functions, such as the retention of messages and creation of reports specifically designed to address audit or compliance concerns. Audit and compliance issues are major concerns within the financial sector, and a strong SIEM can provide the additional visibility an enterprise needs to decrease the resolution time of an incident.

Integrate Advanced Evasion Technique Protection

Advanced Evasion Techniques consist of an evasive technique that lets intruders bypass security detection and logging during network security reconnaissance. In addition to bypassing network security, they are usually stackable through simultaneous execution on multiple protocol layers, capable of changing dynamically even in the midst of an attack and consist of numerous combinations of evasion techniques and modifications.

AET protection requires zero-day protection in all layers as well as deep packet inspection across multiple network layers and protocols. AET protection components should also have integration capabilities, a full range of features, high manageability and infrastructure patch capabilities.

AETs are especially dangerous to the financial sector where, once again, extremely sensitive information is at stake in a highly regulated environment.

Establish Web and Content Controls

Web and content controls are integral for inspecting and blocking unauthorized access to sites and dangerous active content. Active content in the broadest sense consists of electronic documents that are designed to automatically invoke actions or trigger a response within a system without the assistance of an individual, phone-home type of behavior. Such content is a major hazard due to its automation and the fact that an individual may not directly or knowingly execute the actions.

Electronic documents have an added component of danger when they are actually programs or consist of programs that can be self-triggered, requiring no user intervention, and result in the same type of actions executing a program would entail. Because active content can be a death knell for the integrity of a financial network, protection against triggered behaviors is necessary, as is requiring user intervention to open executables, and strong authentication, authorization and accounting.

Employ Digital and Network Forensics

Digital and network forensics are particularly essential for dealing with DDoS in the financial sector as both serve to provide added visibility, remediation and legal response capabilities.

Digital forensics relates directly to legal response capabilities, as it deals with discovering and analyzing electronic data for use in a potential court case. Network forensics seeks to pinpoint the source of a security incident or attack by capturing, recording and analyzing network events.

Lacking either process opens your financial enterprise to additional legal ramifications and a higher risk of repeated attacks.

For DDoS protection click here.

Source: www.cutimes.com/2013/03/13/5-tips-for-protecting-against-ddos-attacks?ref=hp&t=online-mobile-banking&page=1

Source: www.cutimes.com/2013/03/13/5-tips-for-protecting-against-ddos-attacks?ref=hp&t=online-mobile-banking&page=1