For tiny First Landmark Bank in Marietta, Ga., cybersecurity is a priority, even though smaller financial institutions have not yet been prime targets for recent distributed-denial-of-service attacks against banking institutions.

Because the community bank’s leaders fear the institution could eventually be a target for a cyber-attack, they are taking a proactive approach to mitigate potential risks – an approach that others should emulate.

First Landmark Bank, which has only $182 million in assets, is working with its core processor, Fiserv, and third-party service providers, such as CSI, to ensure its online-banking channel is secure. The bank is leaning on numerous vendors because relying solely on Fiserv alone would not meet its needs, says Leigh Pharr, senior vice president.

More community banking institutions should embrace this approach. Too many of them lean too heavily on their core processors alone for security, technical support and intrusion testing services. Doing so invariably leaves gaps.

Small banking institutions have to depend on third parties to keep them abreast of emerging fraud schemes and attack trends, such as DDoS. Without that open communication, banks like First Landmark would be in the dark.

DDoS: Every Institution’s Worry

Federal banking regulators have warned community institutions they have obligations to take emerging cyber-risks seriously. And the National Credit Union Administration issued its own DDoS warning for credit unions in February.

But many community banks and credit unions don’t know where to start.

First Landmark, however, knew from its founding in 2008 that it had to outsource most of its information technology and security management, says Leigh Pharr, the bank’s senior vice president.

“As we were organizing the group, there were only five of us, and none of us had true IT or technology experience,” she says. “We knew the best thing we could do was go out and hire vendors that are on bleeding edge.”

First Landmark’s management has, from the beginning, understood the need for strong security, Pharr says. And this understanding has helped propel the bank ahead of other similarly-sized institutions in its dedication to security.

“We are very fortunate in that senior management here and our president are very in-tune with DDoS attacks, and we keep all of our employees well-educated on what might happen, what can happen,” Pharr says.

If more community banks had that kind of buy-in from management, then security investment challenges would be less of an issue. But many smaller institutions have their leadership spread too thin to make cybersecurity a priority.

Core Processor’s Role

Fiserv provides First Landmark with bulletins and alerts about emerging risks and DDoS attacks, Pharr acknowledges. “They tell us what to be on the lookout for. They give us the information about the attacks that they identified – and one recently was DDoS.”

But the bank is turning to others for technical support on data security issues.

“While we do rely on our core processor to provide us with all of the technical, online banking products, we are not satisfied that is all we need to ensure we are secure and that our accounts are protected,” Pharr says. “That’s why we have hired other third party providers [such as CSI] to come in and test our systems – try to break us. Because of that, I feel comfortable that our network is secure and monitored.”

Cyber-attacks are not going away. Phishing schemes and DDoS strikes are only going to become more prevalent and complex. And community banks need all of the support they can get, from numerous sources – especially core processors.

As the managers of online-banking platforms for the majority of small and mid-tier banking institutions throughout the U.S., core processors have a responsibility to ensure their institution customers are protected and are investing in up-to-date solutions.

The DDoS attacks that major U.S. banking institutions are now battling are continuing to evolve. Smaller banking institutions should follow First Landmark’s example and take proactive steps today to ensure they are adequately mitigating their DDoS risks.

For protection against your eCommerce site click here.

Source: http://www.bankinfosecurity.com/blogs/small-banks-prepping-for-ddos-attacks-p-1449

 

Anti-Israel hackers stepped up their attempts to pull down Israeli sites over the weekend, with numerous attempted denial of service (DDoS) attacks against Israeli government sites. Hacker sites listed numerous websites they claimed to have disabled, and several sites reported slowdowns on Saturday night, but nearly all the sites the hackers claimed to have taken down were operating normally.

Among the sites that experienced actual downtime due to attacks were those of Israel’s Education Ministry and Central Bureau of Statistics, which was still offline as of Sunday morning.

Meanwhile, Israeli hackers began to retaliate against the anti-Israel hack attacks, called #OpIsrael, with an operation of their own against sites in countries associated with the anti-Israel groups. A group called the Israeli Elite Strike Force over the weekend disabled dozens of sites in Pakistan, Iran, Syria, and several north African countries – and even acquired a domain name associated with the OpIsrael attack — opisrael.com. Instead of listing the sites anti-Israel hackers have defaced, that site features educational facts about Israel and the Jewish people, and a warning to anti-Israel groups that Israeli hackers were ready to fight fire with fire.

Israeli Elite Strike Force seems to have been organized quickly in the past few days, in response to the threat by anti-Israel hackers to “erase Israel from the Internet” on April 7. The hackers released a list of some 1,300 Israeli sites that they planned to strike, claiming to have begun their attacks already on Saturday. But a check of most of the sites that the hackers claimed to have disabled – sites belonging to the Bank of Israel, the Tax Authority, the Central Bureau of Statistics, and other government agencies – showed they were operating normally. Several sites were hacked by groups associated with OpIsrael, but most of those were privately owned sites.

The hackers claimed to be identified with Anonymous, but Dr. Tal Pavel of MiddleEasterNet said that the group behind OpIsrael was most likely an ad-hoc assembly of Arab hacktivists calling themselves “Dangerous Hackers.” The group was not necessarily associated with international hacking group Anonymous, Pavel said, and on Saturday, individuals claiming to be members of Anonymous posted on the forum site 4Chan that they were not associated with OpIsrael. However, another alleged Anonymous site, possibly located in Sweden, on Saturday night claimed that Anonymous hackers were involved in the anti-Israel cyber attack.

A Twitter feed, ostensibly by Anonymous hackers, claimed it had stolen passwords and information from Israeli sites, including the Facebook account login data for Israeli government officials. However, Pavel said, such claims could not be trusted, because hacker groups often recycled old information from previously leaked databases, claiming it was fresh, in order to score a public relations victory. In several instances in recent days, said Pavel, he discovered that names and passwords hackers claimed to have stolen from Israeli servers last week were several years old.

Meanwhile, Israeli Elite Strike Force worked on Saturday night to pull down more sites. The group started attacking sites in Pakistan Friday but took off for Shabbat.

“We wish all our JEWISH brothers a Shabbat Shalom,” the group said in its Twitter feed. “This was just a little taste before the day of rest. Hell’s Fire To Come.”

For protection against your eCommerce site click here.

Source: http://www.timesofisrael.com/as-cyber-war-begins-israeli-hackers-hit-back/

As with any asset of monetary value, once said asset reaches a noteworthy level, cybercriminals’ interest is going to pique. Such is the current situation with virtual currency Bitcoin, which hit a high of $142 yesterday and the value of all Bitcoins in circulation has soared to more than $1 billion.

Two different Bitcoin services, an exchange and an online storage service, reported yesterday they are experiencing service disruptions because of a distributed denial-of-service attack and a database hack, respectively. Naturally, both the trading exchange Mt. Gox and the storage service Instawallet, are encouraging customers not to panic sell.

Mt Gox, a Tokyo-based exchange, issued a statement yesterday that it was blaming a trading lag that resulted in 502 errors and users not being able to reach their accounts on a DDoS attack.

Mt. Gox said it was unaware who was behind the attack and speculated that the attackers could have two motives: a) destabilize Bitcoin as a virtual currency; or b) cash in for a large profit once the currency’s value drops by buying low.

Mt. Gox said it will continue to be able to trade, and that it has hired security company Prolexic, which specializes in DDoS mitigation.

“There are a few things that we can implement to help fight the attacks, such as disconnecting the trade engine backend from the Internet,” the company said in a release. “By separating the data center from the Mt.Gox website, we will continue to be able to trade.”

Mt. Gox said it is the largest Bitcoin exchange and handles more than 80 percent of all U.S. dollar trades and 70 percent of all currencies. Prior to this year, the company said an average of 9,000 new accounts were created monthly; that number jumped during the first three months of the year when 57,000 new accounts were created. The company said it can fix, but won’t be able to eradicate, a lag in trading because, as is the case with all currency exchanges, it will always be in the attackers’ crosshairs.

“[We] understand that many of you have a lot at stake here, but remember that Bitcoin, despite being designed to have its value increase over time, will always be the victim of people trying to abuse the system, or even the value of Bitcoin decreasing occasionally,” the release said. “These are not new phenomena and have been present since the beginning of time when humans first started trading.”

The company also said it is working on a new trade engine that will scale its infrastructure to accommodate spikes in trade volume. “Lag will always be there, but our mission is to make lag as small as possible,” the statement said.

Meanwhile, Instawallet, an online Bitcoin storage service put a notice on its website that its services would be suspended indefinitely because of a database hack.

“Our database was fraudulently accessed, due to the very nature of Instawallet it is impossible to reopen the service as-is,” the notice said. “In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.”

The notice gave no indication how many Bitcoins were stolen in the attack. It said that any account with a balance of fewer than 50 Bitcoins would be refunded, and any with more than 50 would be processed on a case by case basis.

These aren’t the first attacks against Bitcoin exchanges. Bitcoinica was compromised last May and more than $87,000 in Bitcoins were stolen; the exchange said user currency was not stolen, only the company’s. In September, BitFloor reported it had been robbed by hackers of $250,000, most of the currency the company had on hand, it said at the time. Hackers were able to access a backup copy of wallet encryption keys in an unencrypted area of the server, the company said.

For DDoS protection click here.

Source: http://threatpost.com/en_us/blogs/ddos-attack-database-breach-take-down-two-bitcoin-services-040413

If you’ve had issues lately with your Internet being slow, it’s because the Internet is undergoing the biggest DDoS attack in its history. If you can’t reach Netflix, or are having difficulties accessing other sites, then it might be due to this huge online fight between CyberBunker, a Dutch hosting company, and Spamhaus, an anti-spam group. This Web war began when Spamhaus blacklisted the Dutch company as spammers. If the cyberattacks escalate, security experts told the New York Times that “people may not be able to reach basic Internet services, like e-mail and online banking.”

Steve Linford, chief executive for Spamhaus, told BBC that the scale of this cyberattack has been “unprecedented. These attacks are peaking at 300 gb/s (gigabits per second). Normally when there are attacks against major banks, we’re talking about 50 gb/s.”

The attacks have been ongoing since March 15 and are “being investigated by five different national cyber-police-forces around the world.” Companies like Google “made their resources available to help ‘absorb all of this traffic’.” Linford added, “They are targeting every part of the internet infrastructure that they feel can be brought down. We can’t be brought down. Spamhaus has more than 80 servers around the world. We’ve built the biggest DNS server around.” The anti-spam group alleged that “Cyberbunker, in cooperation with ‘criminal gangs’ from Eastern Europe and Russia, is behind the attack.”

Last week, when CloudFlare first talked publicly about the DDoS attacks on Spamhaus, CloudFlare CEO Matthew Prince explained, “These very large attacks, which are known as Layer 3 attacks, are difficult to stop with any on-premise solution. Put simply: if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn’t matter what intelligent software you have to stop the attack because your network link is completely saturated.” CloudFlare relied on Anycast, which “means the same IP address is announced from every one of our 23 worldwide data centers. When there’s an attack, Anycast serves to effectively dilute it by spreading it across our facilities.” When Spamhaus was back online, the spam-fighting group said “they were DDoS’d by Russian spam gangs.”

“Millions” of people surfing the Web might be affected by these cyberattacks that are exploiting the Domain Name System (DNS), the “Internet’s core infrastructure.” It “functions like a telephone switchboard for the Internet. It translates the names of Web sites like Facebook.com or Google.com into a string of numbers that the Internet’s underlying technology can understand. Millions of computer servers around the world perform the actual translation.” Linford told the BBC, “The attack’s power would be strong enough to take down government internet infrastructure.” International Business Times added that the congestion “threatens critical infrastructure” systems.

“These things are essentially like nuclear bombs,” Prince told the New York Times. “It’s so easy to cause so much damage.” Patrick Gilmore, chief architect at Akamai Networks, added, “It is the largest publicly announced DDoS attack in the history of the Internet.”

Regarding CyberBunker, Gilmore said, “These guys are just mad. To be frank, they got caught. They think they should be allowed to spam.”

CyberBunker says it will host anything except child porn and terrorism-related content; it became the host for The Pirate Bay in 2009. It is housed in a five-story former NATO bunker. Built in 1955, NATO used the building as a “radio base band relay station and for local espionage and counter-espionage.” The building “comprises tunnels and operations rooms on four levels, one above ground designed as a decontamination area and three underground, with five-meter-thick reinforced concrete outer walls.” The facility “was constructed to operate in an energy saving capacity, totally cut off from the outside world, for over 10 years. Up to 72 people could survive in the bunker.” CyberBunker said that a Dutch SWAT team previously attempted to breach the building, but “it must not have occurred to the officers that the blast doors were designed to withstand a 20 megaton nuclear explosion from close range.”

CyberBunker disputes Spamhaus’ claims that it is “designated as a ‘rogue’ host and has long been a haven for cybercrime and spam.” The Dutch host told Bloomberg, “The only thing we would like to say is that we do not, and never have, sent any spam.” Current operator of the CyberBunker, Sven Olaf Kamphuis, said, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” He claimed that Cyberbunker is “retaliating against Spamhaus for ‘abusing their influence’. Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet. They worked themselves into that position by pretending to fight spam.”

For DDoS protection click here.

Source: http://blogs.computerworld.com/cybercrime-and-hacking/21967/biggest-ddos-attack-history-slows-internet-breaks-record-300-gbps

Wells Fargo & Co on Tuesday said its online banking website was experiencing an unusually high volume of traffic that it believes stems from a denial-of-service cyber attack.

“The vast majority of customers are not impacted and customer information remains safe,” said Bridget Braxton, a spokeswoman for the fourth-largest U.S. bank by assets. Customers who have trouble should try logging in again because the disruption is usually intermittent, she said.

Since September, a hacker activist group called the Izz ad-Din al-Qassam Cyber Fighters has said it was launching denial of service attacks against major U.S. banks. These attacks can disrupt service by deluging websites with high traffic.

In a posting Tuesday on pastebin.com, the group listed Wells Fargo as one of the banks “being chosen as a target.” In December, Wells customers had trouble accessing the website for four days.

In its annual report filing last month, Wells said it had not experienced any “material losses” related to cyber attacks but that enhancing its protections remained a priority.

For DDoS protection click here.

Source: http://www.huffingtonpost.com/2013/03/26/wells-fargo-cyber-attack_n_2958093.html