As with any asset of monetary value, once that asset reaches a noteworthy level, cybercriminals’ interest is going to be piqued. Such is the current situation with the virtual currency Bitcoin, which hit a high of $142 yesterday; the value of all Bitcoins in circulation has soared to more than $1 billion.

Two different Bitcoin services, an exchange and an online storage service, reported yesterday that they are experiencing service disruptions because of a distributed denial-of-service attack and a database hack, respectively. Naturally, both the trading exchange Mt. Gox and the storage service Instawallet are encouraging customers not to panic sell.

Mt. Gox, a Tokyo-based exchange, issued a statement yesterday blaming a DDoS attack for a trading lag that resulted in 502 errors and users being unable to reach their accounts.

Mt. Gox said it was unaware who was behind the attack and speculated that the attackers could have two motives: a) destabilize Bitcoin as a virtual currency; or b) cash in for a large profit once the currency’s value drops by buying low.

Mt. Gox said it will continue to be able to trade, and that it has hired security company Prolexic, which specializes in DDoS mitigation.

“There are a few things that we can implement to help fight the attacks, such as disconnecting the trade engine backend from the Internet,” the company said in a release. “By separating the data center from the Mt.Gox website, we will continue to be able to trade.”

Mt. Gox said it is the largest Bitcoin exchange and handles more than 80 percent of all U.S. dollar trades and 70 percent of all currencies. Prior to this year, the company said an average of 9,000 new accounts were created monthly; that number jumped during the first three months of the year when 57,000 new accounts were created. The company said it can fix, but won’t be able to eradicate, a lag in trading because, as is the case with all currency exchanges, it will always be in the attackers’ crosshairs.

“[We] understand that many of you have a lot at stake here, but remember that Bitcoin, despite being designed to have its value increase over time, will always be the victim of people trying to abuse the system, or even the value of Bitcoin decreasing occasionally,” the release said. “These are not new phenomena and have been present since the beginning of time when humans first started trading.”

The company also said it is working on a new trade engine that will scale its infrastructure to accommodate spikes in trade volume. “Lag will always be there, but our mission is to make lag as small as possible,” the statement said.

Meanwhile, Instawallet, an online Bitcoin storage service, put a notice on its website that its services would be suspended indefinitely because of a database hack.

“Our database was fraudulently accessed; due to the very nature of Instawallet it is impossible to reopen the service as-is,” the notice said. “In the next few days we are going to open the claim process for Instawallet balance holders to claim the funds they had stored before the service interruption.”

The notice gave no indication of how many Bitcoins were stolen in the attack. It said that any account with a balance of fewer than 50 Bitcoins would be refunded, and any with more than 50 would be processed on a case-by-case basis.

These aren’t the first attacks against Bitcoin exchanges. Bitcoinica was compromised last May and more than $87,000 in Bitcoins were stolen; the exchange said user currency was not stolen, only the company’s. In September, BitFloor reported it had been robbed by hackers of $250,000, most of the currency the company had on hand, it said at the time. Hackers were able to access a backup copy of wallet encryption keys in an unencrypted area of the server, the company said.

For DDoS protection click here.

Source: http://threatpost.com/en_us/blogs/ddos-attack-database-breach-take-down-two-bitcoin-services-040413

If you’ve had issues lately with your Internet being slow, it’s because the Internet is undergoing the biggest DDoS attack in its history. If you can’t reach Netflix, or are having difficulties accessing other sites, then it might be due to this huge online fight between CyberBunker, a Dutch hosting company, and Spamhaus, an anti-spam group. This Web war began when Spamhaus blacklisted the Dutch company as spammers. If the cyberattacks escalate, security experts told the New York Times that “people may not be able to reach basic Internet services, like e-mail and online banking.”

Steve Linford, chief executive for Spamhaus, told BBC that the scale of this cyberattack has been “unprecedented. These attacks are peaking at 300 gb/s (gigabits per second). Normally when there are attacks against major banks, we’re talking about 50 gb/s.”

The attacks have been ongoing since March 15 and are “being investigated by five different national cyber-police-forces around the world.” Companies like Google “made their resources available to help ‘absorb all of this traffic’.” Linford added, “They are targeting every part of the internet infrastructure that they feel can be brought down. We can’t be brought down. Spamhaus has more than 80 servers around the world. We’ve built the biggest DNS server around.” The anti-spam group alleged that “Cyberbunker, in cooperation with ‘criminal gangs’ from Eastern Europe and Russia, is behind the attack.”

Last week, when CloudFlare first talked publicly about the DDoS attacks on Spamhaus, CloudFlare CEO Matthew Prince explained, “These very large attacks, which are known as Layer 3 attacks, are difficult to stop with any on-premise solution. Put simply: if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn’t matter what intelligent software you have to stop the attack because your network link is completely saturated.” CloudFlare relied on Anycast, which “means the same IP address is announced from every one of our 23 worldwide data centers. When there’s an attack, Anycast serves to effectively dilute it by spreading it across our facilities.” When Spamhaus was back online, the spam-fighting group said “they were DDoS’d by Russian spam gangs.”

“Millions” of people surfing the Web might be affected by these cyberattacks that are exploiting the Domain Name System (DNS), the “Internet’s core infrastructure.” It “functions like a telephone switchboard for the Internet. It translates the names of Web sites like Facebook.com or Google.com into a string of numbers that the Internet’s underlying technology can understand. Millions of computer servers around the world perform the actual translation.” Linford told the BBC, “The attack’s power would be strong enough to take down government internet infrastructure.” International Business Times added that the congestion “threatens critical infrastructure” systems.

“These things are essentially like nuclear bombs,” Prince told the New York Times. “It’s so easy to cause so much damage.” Patrick Gilmore, chief architect at Akamai Networks, added, “It is the largest publicly announced DDoS attack in the history of the Internet.”

Regarding CyberBunker, Gilmore said, “These guys are just mad. To be frank, they got caught. They think they should be allowed to spam.”

CyberBunker says it will host anything except child porn and terrorism-related content; it became the host for The Pirate Bay in 2009. It is housed in a five-story former NATO bunker. Built in 1955, NATO used the building as a “radio base band relay station and for local espionage and counter-espionage.” The building “comprises tunnels and operations rooms on four levels, one above ground designed as a decontamination area and three underground, with five-meter-thick reinforced concrete outer walls.” The facility “was constructed to operate in an energy saving capacity, totally cut off from the outside world, for over 10 years. Up to 72 people could survive in the bunker.” CyberBunker said that a Dutch SWAT team previously attempted to breach the building, but “it must not have occurred to the officers that the blast doors were designed to withstand a 20 megaton nuclear explosion from close range.”

CyberBunker disputes Spamhaus’ claims that it is “designated as a ‘rogue’ host and has long been a haven for cybercrime and spam.” The Dutch host told Bloomberg, “The only thing we would like to say is that we do not, and never have, sent any spam.” Current operator of the CyberBunker, Sven Olaf Kamphuis, said, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” He claimed that Cyberbunker is “retaliating against Spamhaus for ‘abusing their influence’. Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet. They worked themselves into that position by pretending to fight spam.”


Source: http://blogs.computerworld.com/cybercrime-and-hacking/21967/biggest-ddos-attack-history-slows-internet-breaks-record-300-gbps

Wells Fargo & Co on Tuesday said its online banking website was experiencing an unusually high volume of traffic that it believes stems from a denial-of-service cyber attack.

“The vast majority of customers are not impacted and customer information remains safe,” said Bridget Braxton, a spokeswoman for the fourth-largest U.S. bank by assets. Customers who have trouble should try logging in again because the disruption is usually intermittent, she said.

Since September, a hacker activist group called the Izz ad-Din al-Qassam Cyber Fighters has said it was launching denial of service attacks against major U.S. banks. These attacks can disrupt service by deluging websites with high traffic.

In a posting Tuesday on pastebin.com, the group listed Wells Fargo as one of the banks “being chosen as a target.” In December, Wells customers had trouble accessing the website for four days.

In its annual report filing last month, Wells said it had not experienced any “material losses” related to cyber attacks but that enhancing its protections remained a priority.


Source: http://www.huffingtonpost.com/2013/03/26/wells-fargo-cyber-attack_n_2958093.html

JP Morgan Chase is recovering from a DDoS attack that knocked its website and online banking offline on Tuesday, making it the latest victim in a wave of DDoS attacks against financial institutions.

Initially, the DDoS prevented access completely for some customers; the attack then settled into intermittent outages and sluggish connections. Customers were greeted with a notice on Chase.com that simply stated that the site was “temporarily down.” Mobile banking was unaffected by the attack, Chase said.

The bank confirmed the DDoS attack to the media, but would not, or could not, disclose technical details such as peak traffic or the length of the attack. As of Tuesday evening, Chase.com was working as normal.

Earlier this month, a group calling itself Izz ad-Din al-Qassam Cyber Fighters promised new DDoS attacks against the finance sector, having previously targeted several American banks successfully. At the time their warning was delivered, Bank of America, PNC Bank, Wells Fargo, and Citibank were all having connection issues or were offline entirely.

Earlier this year, a study by the Ponemon Institute said that 64% of IT staffers working within the financial sector said that their banks had suffered at least one DDoS attack within the previous 12 months, and 78% of those respondents said that DDoS attacks will either continue or increase in 2013.

“The belief that traditional perimeter security technologies such as firewalls are able to protect against today’s DDoS attacks is lulling not only financial institutions but organizations across every sector into a false sense of security,” said Marty Meyer, president of Corero Network Security, the company that commissioned the Ponemon study.

“Many organizations assume traditional firewalls can provide protection against DDoS and zero-day exploits at the perimeter, yet this is not what they were designed to do and therefore attacks are still getting through.”


Source: http://www.securityweek.com/jp-morgan-chase-blasted-offline-during-ddos-attack

Distributed denial-of-service attacks aim to bring portions of a network down by bombarding the network with requests, and U.S. financial institutions have been prime targets, hit by attacks that rendered their websites unavailable to customers.

These five tips can help maintain your financial institution’s network and cyber security posture while decreasing the risk and potential collateral damage of DDoS attacks.

Start with the Basic Security Objectives

Financial enterprises should consider implementing controls as they relate to the three main tenets of information security, the CIA triad. These principles are confidentiality, integrity and availability and are the foundation of any information security policy infrastructure.

Confidentiality refers to the safeguarding of sensitive or classified data; integrity refers to keeping the original data unadulterated and intact; and availability refers to the resources and data that need to be continuously available to authorized parties to maintain day-to-day business.

While the CIA triad is important for every network, it is especially vital for the financial sector where classified data can consist of personal information that must be protected due to regulatory compliance.

Implement an Effective Security Information Management Solution

Another early-stage security measure is a highly effective Security Information Management (SIM) solution or Security Information and Event Management (SIEM) solution. The exact solution depends largely on the size and needs of your financial enterprise; both are designed to increase the visibility of telemetry within the enterprise network or on its boundaries.

A SIM solution carries out the collection, storage, alerting and reporting of the data, whereas a SIEM solution combines SIM with a Security Event Management (SEM) component that processes logs in order to create alerts from connected events.

Both solutions have a wide range of capabilities, including compliance-related functions, such as the retention of messages and creation of reports specifically designed to address audit or compliance concerns. Audit and compliance issues are major concerns within the financial sector, and a strong SIEM can provide the additional visibility an enterprise needs to decrease the resolution time of an incident.
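As an added illustration of the SEM idea above (connecting separate events into one alert), this example is not from the article; it correlates two symptoms the news items on this page describe, a request flood dominated by a few sources and a burst of HTTP 502 responses, over constructed web-server log lines. The log format, the 60-second bucket and the thresholds are assumptions chosen for illustration, not figures from any of the incidents.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed Common Log Format with a time stamp (sample lines are constructed below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (source_ip, timestamp, status) or None for lines that do not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FMT), int(m["status"])

def correlate(lines, rate_threshold=50, error_threshold=10, top_share=0.5):
    """Bucket events per minute and raise one alert for each minute in which a
    request surge, mostly from a single source, coincides with a burst of 502s.
    Thresholds are illustrative assumptions; tune them to the site's baseline."""
    buckets = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:  # unparseable lines are skipped rather than aborting the run
            ip, ts, status = ev
            buckets[ts.replace(second=0, microsecond=0)].append((ip, status))
    alerts = []
    for minute in sorted(buckets):
        evs = buckets[minute]
        if len(evs) < rate_threshold:
            continue  # normal volume: no surge, nothing to correlate
        errors = sum(1 for _, st in evs if st == 502)
        top_ip, top_n = Counter(ip for ip, _ in evs).most_common(1)[0]
        if errors >= error_threshold and top_n / len(evs) >= top_share:
            alerts.append({"minute": minute.isoformat(), "requests": len(evs),
                           "errors_502": errors, "top_source": top_ip})
    return alerts

def make_sample():
    """Constructed sample: a quiet minute, then a minute in which one source
    floods the trade API and the backend starts answering 502."""
    def line(ip, hhmmss, status, path="/account"):
        return f'{ip} - - [03/Apr/2013:{hhmmss} +0000] "GET {path} HTTP/1.1" {status} 512'
    lines = [line("203.0.113.5", f"09:59:{s:02d}", 200) for s in range(5)]
    lines += [line("198.51.100.7", f"10:00:{s:02d}", 502 if s >= 30 else 200, "/api/trades")
              for s in range(60)]
    lines += [line("203.0.113.5", f"10:00:{s:02d}", 200) for s in range(5)]
    lines.append("not a log line")  # exercises the parse-failure path
    return lines

if __name__ == "__main__":
    for alert in correlate(make_sample()):
        print(alert)
```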

Integrate Advanced Evasion Technique Protection

Advanced Evasion Techniques (AETs) are evasive techniques that let intruders bypass security detection and logging during network reconnaissance. Beyond bypassing network security, they are usually stackable through simultaneous execution on multiple protocol layers, capable of changing dynamically even in the midst of an attack, and made up of numerous combinations of evasion techniques and modifications.

AET protection requires zero-day protection in all layers as well as deep packet inspection across multiple network layers and protocols. AET protection components should also have integration capabilities, a full range of features, high manageability and infrastructure patch capabilities.

AETs are especially dangerous to the financial sector where, once again, extremely sensitive information is at stake in a highly regulated environment.

Establish Web and Content Controls

Web and content controls are integral for inspecting and blocking unauthorized access to sites and dangerous active content. Active content, in the broadest sense, consists of electronic documents designed to automatically invoke actions or trigger a response within a system without the assistance of an individual, such as phone-home behavior. Such content is a major hazard because it is automated and an individual may not directly or knowingly execute the actions.

Electronic documents have an added component of danger when they are actually programs or consist of programs that can be self-triggered, requiring no user intervention, and result in the same type of actions executing a program would entail. Because active content can be a death knell for the integrity of a financial network, protection against triggered behaviors is necessary, as is requiring user intervention to open executables, and strong authentication, authorization and accounting.

Employ Digital and Network Forensics

Digital and network forensics are particularly essential for dealing with DDoS in the financial sector as both serve to provide added visibility, remediation and legal response capabilities.

Digital forensics relates directly to legal response capabilities, as it deals with discovering and analyzing electronic data for use in a potential court case. Network forensics seeks to pinpoint the source of a security incident or attack by capturing, recording and analyzing network events.

Lacking either process opens your financial enterprise to additional legal ramifications and a higher risk of repeated attacks.


Source: www.cutimes.com/2013/03/13/5-tips-for-protecting-against-ddos-attacks?ref=hp&t=online-mobile-banking&page=1