DDoS Protection Specialist Archive

Distributed denial-of-service attacks aim to bring portions of a network down by bombarding the network with requests, and U.S. financial institutions have been prime targets, hit by attacks that rendered their websites unavailable to customers.

These five tips can help maintain your financial institution’s network and cyber security posture while decreasing the risk and potential collateral damage of DDoS attacks.

Start with the Basic Security Objectives

Financial enterprises should consider implementing controls as they relate to the three main tenets of information security, the CIA triad. These principles are confidentiality, integrity and availability and are the foundation of any information security policy infrastructure.

Confidentiality refers to the safeguarding of sensitive or classified data; integrity refers to keeping the original data unadulterated and intact; and availability refers to the resources and data that need to be continuously available to authorized parties to maintain day-to-day business.

While the CIA triad is important for every network, it is especially vital for the financial sector where classified data can consist of personal information that must be protected due to regulatory compliance.

Implement an Effective Security Information Management Solution

Another early stage security measure is utilizing a highly effective Security Information Management solution or Security Information and Event Management solution. The exact solution depends largely on the size and needs of your financial enterprise, and both are designed to increase the visibility of telemetry within the enterprise network or on its boundaries.

A SIM solution handles the collection, storage, alerting and reporting of that data, whereas a SIEM solution combines SIM with a Security Event Management component that processes logs to create alerts from correlated events.

Both solutions have a wide range of capabilities, including compliance-related functions, such as the retention of messages and creation of reports specifically designed to address audit or compliance concerns. Audit and compliance issues are major concerns within the financial sector, and a strong SIEM can provide the additional visibility an enterprise needs to decrease the resolution time of an incident.
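As an added example, not part of the original article, here is the kind of correlation rule the Security Event Management component described above would run over collected web-server logs: it flags a time window that is both high-volume and spread across many distinct sources, which is what separates a distributed flood from one noisy client. The log format, IP addresses and thresholds are constructed assumptions.

```python
# Added example (not the article's code): minimal SEM-style correlation over
# constructed access-log lines. One alert per fixed window when request volume
# AND distinct-source count both cross their thresholds.
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: ip ident user [timestamp] "request" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (epoch_seconds, source_ip, request, status), or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, req, status = m.groups()
    epoch = int(datetime.strptime(ts, TS_FMT).timestamp())
    return epoch, ip, req, int(status)


def correlate(lines, window=10, min_requests=50, min_sources=20):
    """Bucket events into fixed windows; alert when both thresholds are met."""
    windows = defaultdict(Counter)          # window_start -> Counter(source_ip)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                        # a real SIM would still store/count these
        epoch, ip, _req, _status = ev
        windows[epoch - epoch % window][ip] += 1
    alerts = []
    for start in sorted(windows):
        srcs = windows[start]
        total = sum(srcs.values())
        if total >= min_requests and len(srcs) >= min_sources:
            alerts.append({"window_start": start, "requests": total,
                           "sources": len(srcs), "top": srcs.most_common(3)})
    return alerts


def sample_log():
    """Constructed lines: quiet window, distributed flood, then one noisy client."""
    ts = "19/Feb/2013:03:00:%02d +0000"
    fmt = '%s - - [%s] "GET /login HTTP/1.1" 200'
    lines = [fmt % ("203.0.113.7", ts % s) for s in range(10)]          # 1 req/s, 1 source
    lines += [fmt % ("198.51.100.%d" % (i + 1), ts % (10 + i % 10))
              for i in range(60)]                                        # 60 sources, 60 reqs
    lines += [fmt % ("192.0.2.9", ts % (20 + i % 10)) for i in range(60)]  # 1 source, 60 reqs
    return lines


if __name__ == "__main__":
    for a in correlate(sample_log()):
        print("DDoS-like window at %d: %d requests from %d sources, top %s"
              % (a["window_start"], a["requests"], a["sources"], a["top"]))
```

Only the middle window alerts; the single-client burst in the last window is left for a separate rate-limit rule, since it is not distributed.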

Integrate Advanced Evasion Technique Protection

Advanced Evasion Techniques (AETs) are methods that let intruders bypass security detection and logging during network reconnaissance. Beyond bypassing network security, they are usually stackable through simultaneous execution on multiple protocol layers, can change dynamically even in the midst of an attack, and combine numerous evasion techniques and modifications.

AET protection requires zero-day protection in all layers as well as deep packet inspection across multiple network layers and protocols. AET protection components should also have integration capabilities, a full range of features, high manageability and infrastructure patch capabilities.

AETs are especially dangerous to the financial sector where, once again, extremely sensitive information is at stake in a highly regulated environment.

Establish Web and Content Controls

Web and content controls are integral for inspecting and blocking unauthorized access to sites and dangerous active content. Active content, in the broadest sense, consists of electronic documents designed to automatically invoke actions or trigger a response within a system without the assistance of an individual (phone-home type behavior). Such content is a major hazard because of its automation and because an individual may not directly or knowingly execute the actions.

Electronic documents carry an added danger when they are themselves programs, or contain programs, that can be self-triggered with no user intervention and produce the same effects as deliberately running a program would. Because active content can be a death knell for the integrity of a financial network, protection against triggered behaviors is necessary, as is requiring user intervention to open executables, together with strong authentication, authorization and accounting.

Employ Digital and Network Forensics

Digital and network forensics are particularly essential for dealing with DDoS in the financial sector as both serve to provide added visibility, remediation and legal response capabilities.

Digital forensics relates directly to legal response capabilities, as it deals with discovering and analyzing electronic data for use in a potential court case. Network forensics seeks to pinpoint the source of a security incident or attack by capturing, recording and analyzing network events.

Lacking either process opens your financial enterprise to additional legal ramifications and a higher risk of repeated attacks.

Source: www.cutimes.com/2013/03/13/5-tips-for-protecting-against-ddos-attacks?ref=hp&t=online-mobile-banking&page=1

JEA’s website has been hit by a “denial of service attack,” knocking out the company’s website and payment system.

The Jacksonville-based utility told our news partner Action News Jax that jea.com is being “inundated with data,” starting overnight Sunday.

As of 2:15 p.m. Tuesday, the site was still down.

The problem is a “corporate internet connectivity event,” JEA said, and is impacting payments through its automatic phone system.

Payments made through third parties, such as Winn-Dixie and the tax collector, are being processed. Payments are still being taken at JEA’s Downtown office and requests for stop/start and reconnect orders are working as well.

There is no timeline for a fix, Action News Jax reports.

Attacks on large companies’ websites and servers have been frequent in recent months. SunTrust was hit by a cyber attack in October 2012, and Bank of America, Chase and Citi were attacked by Iranian hackers the month before.

The attacks led several of the major banks to ask the government for help to block the Iranian attacks.

JEA is the seventh-largest community-owned electric utility in the United States and one of the largest water and sewer utilities in the nation, providing electric, water and sewer service to residents and businesses in northeast Florida.

Source: http://www.bizjournals.com/jacksonville/news/2013/02/19/jea-website-under-attack.html

As the threat landscape continues to evolve, one malicious tactic has stood the test of time: distributed denial-of-service attacks (DDoS). They carry on as a preferred means of assault on networks around the world, and they’re getting more prevalent and sophisticated.

According to a recent report from Prolexic, a security firm that specializes in DDoS protection, there was an 88 percent increase in the total number of DDoS attacks in the third quarter of this year compared to the same period last year.

The common method associated with this threat involves an attacker pummeling a target with illegitimate traffic through the use of botnets, to the point where its online services are unavailable. While it may seem like a mere nuisance, an attack of this nature is detrimental to any enterprise that generates a majority of its revenue online.

The recent attacks that downed the websites of major financial institutions, such as Bank of America and JP Morgan Chase, have proved that DDoS is evolving. Rather than opting for a botnet’s army of zombie computers, the perpetrators leveraged a slew of compromised servers to launch their attacks, which flooded networks with up to 60 gigabits per second of traffic coming from each infected server.

A DDoS service toolkit known as “itsoknoproblembro” was believed to be the weapon behind the financial assaults. According to Prolexic, it is capable of attacking several layers of a website’s networking stack, and any mitigation provider would struggle to deal with this type of strike.

And, the prevalence and advancements of these malicious DDoS methods may be bolstered by the overall decrease in spam. As spam filters have gotten better, botnet masters have found that DDoS attacks are a worthy replacement to ensure they continue to see a high return on investment, said Matthew Prince, CEO and founder of CloudFlare, a web performance and security firm.

Motives surrounding DDoS attacks vary, from cyber warfare to hacktivism, but the one constant is that their maturation is what makes them difficult to defend against, said Dan Holden, director of Arbor Networks’ Security Engineering and Response Team. Further complicating matters, whether they use a service provider or a hybrid cloud partner, many enterprises simply don’t own or have full visibility into their own network. “Fundamentally the internet is just a different place,” Holden said.

Source: http://www.scmagazine.com/2-minutes-on-the-advancement-of-ddos/article/268633/

Capital One confirms that its website had been hit by another distributed denial of service attack. This Oct. 16 incident was the second attack allegedly waged this month by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters against the $296.7 billion bank.

“Capital One is experiencing intermittent access to some online systems due to a denial of service attack,” bank spokeswoman Tatiana Stead said. “There was minimal impact to the majority of our customers.”

Also on Oct. 16, a post claiming to be from the Izz ad-Din al-Qassam Cyber Fighters appeared on the open Internet forum site Pastebin claiming new attacks against U.S. banks would be waged between Oct. 16 and Oct. 18. The group notes that this new wave of DDoS attacks is being initiated without advance warning. In earlier Pastebin posts, the group named the eight banks it eventually attacked.

The first attack against CapOne came Oct. 9, one day before the targeted attack against SunTrust Banks and two days before the attack against Regions Financial Corp.

Jason Malo, a financial fraud and security consultant with CEB TowerGroup, says the Oct. 9 attack against CapOne appeared to be one of the most damaging. “With CapOne, they seemed to take a bigger hit than the others,” he says. “Other banks seemed to handle the attacks better.”

The first institution to take a DDoS hit was Bank of America on Sept. 18, followed by JPMorgan Chase on Sept. 19 (see High Risk: What Alert Means to Banks). Attacks against Wells Fargo, U.S. Bank and PNC hit the following week (see More U.S. Banks Report Online Woes).

Izz ad-din Al Qassam says it will continue to target U.S. institutions until a YouTube movie trailer believed by the group to be anti-Islam is removed from the Internet. Experts, however, question whether that outrage is just a front for some more nefarious motive.

Source: http://www.bankinfosecurity.com/capone-takes-second-ddos-hit-a-5203

Over the past two weeks, the websites of multiple financial institutions–including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo–have been targeted by attackers, leading to their websites being disrupted. Furthermore, some banks appear to still be suffering related outages.

That’s led more than 1,000 customers of those institutions to file related complaints with Site Down, a website that tracks outages. Customers have reported being unable to access their checking, savings, and mortgage accounts, as well as bill-paying and other services, via the affected banks’ websites and mobile applications.

Many of the banks’ customers have also criticized their financial institutions for not clearly detailing what was happening, or what the banks were doing about it. “It was probably the least impressive corporate presentation of bad news I’ve ever seen,” Paul Downs, a small-business owner in Bridgeport, Pa., told The New York Times, where he’s also a small-business blogger.

A hacktivist group calling itself the Cyber fighters of Izz ad-din Al qassam has taken credit for the attacks, which it’s dubbed Operation Ababil, meaning “swarm” in Arabic. It said the attacks are meant to disrupt U.S. banking operations in retaliation for the release of the Innocence of Muslims film that mocks the founder of Islam.

Some of the attacked banks’ websites still appear to be experiencing outages, but Dan Holden, director of security for the Arbor Security Engineering and Response Team, said he’s seen no signs that any active attacks are currently underway. “Obviously, we’re only one day into the week, but we didn’t see anything yesterday, and while [the Cyber fighters of Izz ad-din Al qassam] said in the previous post that they’d be working over the weekend, there haven’t been any new posts stating that they’d be doing new attacks,” he said.

Tuesday, however, multiple Wells Fargo customers were still reporting that they were having trouble accessing the bank’s website, or getting it to respond after they’d logged in. “Day 8, still can’t get in with Safari or Firefox … getting old. I have a business to run here,” said an anonymous poster to Site Down. “This is getting old,” said another.

Asked to comment on reports that the bank’s website was continuing to experience outages, a spokeswoman for Wells Fargo repeated a statement released last week, saying via email that “customers can access their accounts through the online and mobile channels.”

Multiple Bank of America customers Tuesday also reported problems with the bank’s website, with some people saying they’d been experiencing disruptions for 10 days or more. “I agree … with all the other comments about this problem of being unable to go on line. What in the world is going on–get it fixed!” said an anonymous user Sunday on the Site Down website. But Bank of America spokesman Mark T. Pipitone said via email that the bank’s website has been working normally since last Tuesday, and suggested that the scale of any reported website problems was within normal parameters. “We service 30 million online banking customers,” he said. “Our online banking services have been, and continue to be, fully functional.”

Given attackers’ advance warning that they planned to take down the banking websites–which suggested that they’d launch distributed denial-of-service (DDoS) attacks–why didn’t banks simply block the attacks? As one PNC customer said in an online forum, “Come on PNC! Never heard of content delivery networks to make these attacks more difficult?? … Please invest in a more capable network security team and take care of your customers!”

But Arbor’s Holden, speaking by phone, said that the attackers had used multiple DDoS tools and attack types–including TCP/IP flood, UDP flood, as well as HTTP and HTTPS application attacks–together with servers sporting “massive bandwidth capacity.” So while the attacks weren’t sophisticated, they succeeded by blending variety and scale.

Given the massive bandwidth used in the attacks, were they really launched by hacktivists, as the attackers have claimed? Former U.S. government officials, speaking anonymously to various media outlets, have instead directly accused Iran of launching the attacks. Regardless of whether Iran is involved, Holden said that the bank attacks don’t resemble previously seen hacktivist attacks, which typically involved botnets of infected endpoint PCs, or people who opted in to the attack, for example by using the Low Orbit Ion Cannon JavaScript DDoS tool from Anonymous.

“With Anonymous … you’d see those people coming together and launching an attack with a given tool,” Holden said. “With this, yes, you’re seeing multiple types of attacks, multiple tools, and while blended attacks are common, they’re not so common with classic hacktivism, or hacktivism that we’ve witnessed in the past.”

In other words, “we don’t know whether it’s hacktivism or whether it’s not,” said Holden. “There’s nothing really backing up the advertisement that this was a bunch of angry people. If it is, it’s people who have gone out with a particular skill set, or hired someone with a particular skill set, to launch these particular attacks.” But whoever’s involved in these attacks has quite a lot of knowledge related to the art of launching effective DDoS website takedowns, and has access to high-bandwidth servers, which they’ve either compromised, rented, or been granted access to.

Interestingly, the attackers do appear to have taken a page from the Anonymous attack playbook. “We don’t have all the information about which specific techniques have been used against the U.S. banks so far, but the ‘Izz ad-Din al-Qassam Cyber Fighters’ scripts are based on the JS LOIC scripts used by Anonymous as well,” said Jaime Blasco, AlienVault’s lab manager, via email.

But like Holden, Blasco said that the bank website attackers had used much more than just JavaScript. “The number of queries/traffic you need to generate to affect the infrastructure of those targets is very high,” he said. “To affect those targets, you need thousands of machines generating traffic, and … other types of DDoS.”

Source: http://www.informationweek.com/security/attacks/bank-site-attacks-trigger-ongoing-outage/240008314