DDoS Protection Specialist Archive

For tiny First Landmark Bank in Marietta, Ga., cybersecurity is a priority, even though smaller financial institutions have not yet been prime targets for recent distributed-denial-of-service attacks against banking institutions.

Because the community bank’s leaders fear the institution could eventually be a target for a cyber-attack, they are taking a proactive approach to mitigate potential risks – an approach that others should emulate.

First Landmark Bank, which has only $182 million in assets, is working with its core processor, Fiserv, and third-party service providers, such as CSI, to ensure its online-banking channel is secure. The bank is leaning on numerous vendors because relying on Fiserv alone would not meet its needs, says Leigh Pharr, senior vice president.

More community banking institutions should embrace this approach. Too many of them lean too heavily on their core processors alone for security, technical support and intrusion testing services. Doing so invariably leaves gaps.

Small banking institutions have to depend on third parties to keep them abreast of emerging fraud schemes and attack trends, such as DDoS. Without that open communication, banks like First Landmark would be in the dark.

DDoS: Every Institution’s Worry

Federal banking regulators have warned community institutions they have obligations to take emerging cyber-risks seriously. And the National Credit Union Administration issued its own DDoS warning for credit unions in February.

But many community banks and credit unions don’t know where to start.

First Landmark, however, knew from its founding in 2008 that it had to outsource most of its information technology and security management, says Leigh Pharr, the bank’s senior vice president.

“As we were organizing the group, there were only five of us, and none of us had true IT or technology experience,” she says. “We knew the best thing we could do was go out and hire vendors that are on bleeding edge.”

First Landmark’s management has, from the beginning, understood the need for strong security, Pharr says. And this understanding has helped propel the bank ahead of other similarly sized institutions in its dedication to security.

“We are very fortunate in that senior management here and our president are very in-tune with DDoS attacks, and we keep all of our employees well-educated on what might happen, what can happen,” Pharr says.

If more community banks had that kind of buy-in from management, then security investment challenges would be less of an issue. But many smaller institutions have their leadership spread too thin to make cybersecurity a priority.

Core Processor’s Role

Fiserv provides First Landmark with bulletins and alerts about emerging risks and DDoS attacks, Pharr acknowledges. “They tell us what to be on the lookout for. They give us the information about the attacks that they identified – and one recently was DDoS.”

But the bank is turning to others for technical support on data security issues.

“While we do rely on our core processor to provide us with all of the technical, online banking products, we are not satisfied that is all we need to ensure we are secure and that our accounts are protected,” Pharr says. “That’s why we have hired other third party providers [such as CSI] to come in and test our systems – try to break us. Because of that, I feel comfortable that our network is secure and monitored.”

Cyber-attacks are not going away. Phishing schemes and DDoS strikes are only going to become more prevalent and complex. And community banks need all of the support they can get, from numerous sources – especially core processors.

As the managers of online-banking platforms for the majority of small and mid-tier banking institutions throughout the U.S., core processors have a responsibility to ensure their institution customers are protected and are investing in up-to-date solutions.

The DDoS attacks that major U.S. banking institutions are now battling are continuing to evolve. Smaller banking institutions should follow First Landmark’s example and take proactive steps today to ensure they are adequately mitigating their DDoS risks.

Source: http://www.bankinfosecurity.com/blogs/small-banks-prepping-for-ddos-attacks-p-1449


Anti-Israel hackers stepped up their attempts to pull down Israeli sites over the weekend, with numerous attempted denial of service (DDoS) attacks against Israeli government sites. Hacker sites listed numerous websites they claimed to have disabled, and several sites reported slowdowns on Saturday night, but nearly all the sites the hackers claimed to have taken down were operating normally.

Among the sites that experienced actual downtime due to attacks were those of Israel’s Education Ministry and Central Bureau of Statistics, which was still offline as of Sunday morning.

Meanwhile, Israeli hackers began to retaliate against the anti-Israel hack attacks, called #OpIsrael, with an operation of their own against sites in countries associated with the anti-Israel groups. A group called the Israeli Elite Strike Force over the weekend disabled dozens of sites in Pakistan, Iran, Syria, and several north African countries – and even acquired a domain name associated with the OpIsrael attack — opisrael.com. Instead of listing the sites anti-Israel hackers have defaced, that site features educational facts about Israel and the Jewish people, and a warning to anti-Israel groups that Israeli hackers were ready to fight fire with fire.

Israeli Elite Strike Force seems to have been organized quickly in the past few days, in response to the threat by anti-Israel hackers to “erase Israel from the Internet” on April 7. The hackers released a list of some 1,300 Israeli sites that they planned to strike, claiming to have begun their attacks already on Saturday. But a check of most of the sites that the hackers claimed to have disabled – sites belonging to the Bank of Israel, the Tax Authority, the Central Bureau of Statistics, and other government agencies – showed they were operating normally. Several sites were hacked by groups associated with OpIsrael, but most of those were privately owned sites.

The hackers claimed to be identified with Anonymous, but Dr. Tal Pavel of MiddleEasterNet said that the group behind OpIsrael was most likely an ad-hoc assembly of Arab hacktivists calling themselves “Dangerous Hackers.” The group was not necessarily associated with international hacking group Anonymous, Pavel said, and on Saturday, individuals claiming to be members of Anonymous posted on the forum site 4Chan that they were not associated with OpIsrael. However, another alleged Anonymous site, possibly located in Sweden, on Saturday night claimed that Anonymous hackers were involved in the anti-Israel cyber attack.

A Twitter feed, ostensibly by Anonymous hackers, claimed it had stolen passwords and information from Israeli sites, including the Facebook account login data for Israeli government officials. However, Pavel said, such claims could not be trusted, because hacker groups often recycled old information from previously leaked databases, claiming it was fresh, in order to score a public relations victory. In several instances in recent days, said Pavel, he discovered that names and passwords hackers claimed to have stolen from Israeli servers last week were several years old.

Meanwhile, Israeli Elite Strike Force worked on Saturday night to pull down more sites. The group started attacking sites in Pakistan Friday but took off for Shabbat.

“We wish all our JEWISH brothers a Shabbat Shalom,” the group said in its Twitter feed. “This was just a little taste before the day of rest. Hell’s Fire To Come.”

Source: http://www.timesofisrael.com/as-cyber-war-begins-israeli-hackers-hit-back/

As with any asset of monetary value, once said asset reaches a noteworthy level, cybercriminals’ interest is going to be piqued. Such is the current situation with virtual currency Bitcoin, which hit a high of $142 yesterday, while the value of all Bitcoins in circulation has soared to more than $1 billion.

Two different Bitcoin services, an exchange and an online storage service, reported yesterday they are experiencing service disruptions because of a distributed denial-of-service attack and a database hack, respectively. Naturally, both the trading exchange Mt. Gox and the storage service Instawallet are encouraging customers not to panic sell.

Mt. Gox, a Tokyo-based exchange, issued a statement yesterday blaming a DDoS attack for a trading lag that resulted in 502 errors and left users unable to reach their accounts.

Mt. Gox said it was unaware who was behind the attack and speculated that the attackers could have two motives: a) destabilize Bitcoin as a virtual currency; or b) cash in for a large profit once the currency’s value drops by buying low.

Mt. Gox said it will continue to be able to trade, and that it has hired security company Prolexic, which specializes in DDoS mitigation.

“There are a few things that we can implement to help fight the attacks, such as disconnecting the trade engine backend from the Internet,” the company said in a release. “By separating the data center from the Mt.Gox website, we will continue to be able to trade.”

Mt. Gox said it is the largest Bitcoin exchange and handles more than 80 percent of all U.S. dollar trades and 70 percent of all currencies. Prior to this year, the company said an average of 9,000 new accounts were created monthly; that number jumped during the first three months of the year when 57,000 new accounts were created. The company said it can fix, but won’t be able to eradicate, a lag in trading because, as is the case with all currency exchanges, it will always be in the attackers’ crosshairs.

“[We] understand that many of you have a lot at stake here, but remember that Bitcoin, despite being designed to have its value increase over time, will always be the victim of people trying to abuse the system, or even the value of Bitcoin decreasing occasionally,” the release said. “These are not new phenomena and have been present since the beginning of time when humans first started trading.”

The company also said it is working on a new trade engine that will scale its infrastructure to accommodate spikes in trade volume. “Lag will always be there, but our mission is to make lag as small as possible,” the statement said.

Meanwhile, Instawallet, an online Bitcoin storage service, put a notice on its website that its services would be suspended indefinitely because of a database hack.

“Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is,” the notice said. “In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.”

The notice gave no indication how many Bitcoins were stolen in the attack. It said that any account with a balance of fewer than 50 Bitcoins would be refunded, and any with more than 50 would be processed on a case by case basis.

These aren’t the first attacks against Bitcoin exchanges. Bitcoinica was compromised last May and more than $87,000 in Bitcoins were stolen; the exchange said user currency was not stolen, only the company’s. In September, BitFloor reported it had been robbed by hackers of $250,000, most of the currency the company had on hand, it said at the time. Hackers were able to access a backup copy of wallet encryption keys in an unencrypted area of the server, the company said.

Source: http://threatpost.com/en_us/blogs/ddos-attack-database-breach-take-down-two-bitcoin-services-040413

Wells Fargo & Co on Tuesday said its online banking website was experiencing an unusually high volume of traffic that it believes stems from a denial-of-service cyber attack.

“The vast majority of customers are not impacted and customer information remains safe,” said Bridget Braxton, a spokeswoman for the fourth-largest U.S. bank by assets. Customers who have trouble should try logging in again because the disruption is usually intermittent, she said.

Since September, a hacker activist group called the Izz ad-Din al-Qassam Cyber Fighters has said it was launching denial of service attacks against major U.S. banks. These attacks can disrupt service by deluging websites with high traffic.

In a posting Tuesday on pastebin.com, the group listed Wells Fargo as one of the banks “being chosen as a target.” In December, Wells customers had trouble accessing the website for four days.

In its annual report filing last month, Wells said it had not experienced any “material losses” related to cyber attacks but that enhancing its protections remained a priority.

Source: http://www.huffingtonpost.com/2013/03/26/wells-fargo-cyber-attack_n_2958093.html

JP Morgan Chase is recovering from a DDoS attack that knocked its website and online banking offline on Tuesday, making it the latest victim in a wave of DDoS attacks against financial institutions.

Initially, the DDoS prevented access completely for some customers, and then the attack created intermittent outages and sluggish connections. Customers were greeted with a notice on Chase.com that simply stated that the site was “temporarily down.” Mobile banking was unaffected by the attack, Chase said.

The bank confirmed the DDoS attack to the media, but would not, or could not, disclose technical details such as peak traffic or length of attack. As of Tuesday evening, Chase.com was working as normal.

Earlier this month, a group calling itself Izz ad-Din al-Qassam Cyber Fighters promised new DDoS attacks against the finance sector, having previously targeted several American banks successfully. At the time their warning was delivered, Bank of America, PNC Bank, Wells Fargo, and Citibank were all having connection issues or were offline entirely.

Earlier this year, a study by the Ponemon Institute said that 64% of IT staffers working within the financial sector said that their banks had suffered at least one DDoS attack within the previous 12 months, and 78% of those respondents said that DDoS attacks will either continue or increase in 2013.

“The belief that traditional perimeter security technologies such as firewalls are able to protect against today’s DDoS attacks is lulling not only financial institutions but organizations across every sector into a false sense of security,” said Marty Meyer, president of Corero Network Security, the company that commissioned the Ponemon study.

“Many organizations assume traditional firewalls can provide protection against DDoS and zero-day exploits at the perimeter, yet this is not what they were designed to do and therefore attacks are still getting through.”

Source: http://www.securityweek.com/jp-morgan-chase-blasted-offline-during-ddos-attack