Monthly Archives: December 2012

What DDoS attacks reveal about your security infrastructure

As we close out 2012, there is no doubt that this year will go down as epic in the history books of information security professionals. Looking back on the year it’s not hard to find a laundry list of…

Follow this link:
What DDoS attacks reveal about your security infrastructure

Distributed Denial of Service (DDoS) Attacks: 2013 Predictions

During the last third of 2012, 10 major U.S. banks were the targets of powerful distributed-denial-of-service attacks apparently launched by a foreign hacktivist group. Some observers predict there will be many more DDoS attacks against financial institutions in 2013. They say hacktivists, organized crime rings and even nation states will be the perpetrators, working collaboratively in some cases and independently in others Financial fraud expert Avivah Litan, an analyst at Gartner Research, says the attacks will continue because they work, especially for criminals. “There is no reason for the criminals to stop,” Litan says. “They are getting away with them and not getting caught. These gangs will just keep escalating the attacks, up the ante and raise the stakes on the banks. The banks will have to find and implement solutions quickly. There really is no other choice.” DDoS attacks often will be used to disguise nefarious schemes aimed at stealing intellectual property and taking over accounts, especially when the attacks are waged against smaller institutions, regulators and security experts warn. John Walker , a member of ENISA’s security experts group and chair of ISACA’s Security Advisory Group in London, says banks won’t be able to fend off all of the attacks that are coming in the new year. “What we are seeing this year is just a tip in the ocean of what is planned for 2013,” he says. To prepare for continuing DDoS attacks, banking institutions should implement incident response strategies and involve staff across multiple lines of business, as well as external partners, regulators and experts say. Banks also should consider due diligence reviews of service providers, including Internet service providers and Web-hosting companies, to ensure they, too, have taken necessary steps to identify and mitigate risks associated with DDoS attacks. PNC, Others Take Hits Since September, the hacktivist group Iz ad-Din al-Qassam Cyber Fighters has grabbed headlines for two DDoS campaigns against banks. But so far, there’s been no evidence of fraud linked to these attacks. The hacktivist group announced Dec. 25 that yet another wave of attacks was coming as part of its second campaign In the latest development, PNC Financial Services, whose customers have suffered sporadic online access issues related to high volumes of traffic during both of the DDoS campaigns, reported it experienced minor site access issues late Dec. 27. But it did not link those issues to traffic connected with a DDoS attack. PNC spokeswoman Amy Vargo says some customers reported having trouble when trying to access the bank’s site during the afternoon of Dec. 27, but “this was a very short term and intermittent issue, and the systems were quickly restored to normal.” In a Dec. 10 post on Pastebin , Iz ad-Din al-Qassam Cyber Fighters announced plans for its second campaign, targeting PNC, U.S. Bancorp, Bank of America, JPMorgan Chase and SunTrust Banks. Since then, the group has posted two subsequent threats and has apparently hit all five targeted institutions as well as Wells Fargo and Citibank, part of Citigroup The hacktivist group says its waging the attacks in protest of a YouTube video deemed offensive to Muslims. The first campaign of attacks, which ran from mid-September to mid-October, targeted all of the institutions hit in the second campaign, as well as Regions Bank, HSBC Holdings and Capital One. Warning to Banks Some security experts, however, are questioning whether Pastebin posts being attributed to Izz ad-Din al-Qassam Cyber Fighters actually came from that group. Anyone could take credit for the posts and the attacks, says Mike Rothman of DDoS prevention provider Securosis. “We’ll likely see lots of folks claiming responsibility for attacks and many doing it to draw attention to their causes,” Rothman says. “Is it really one group or another? Hard to truly tell, and ultimately I don’t think it matters. The attacks will keep happening, sometimes for no apparent reason. Organizations need to be ready, and that doesn’t change, regardless of the adversary.” Smaller banking institutions not targeted by Izz ad-Din al-Qassam Cyber Fighters should guard against a false sense of security, says Bill Nelson , president and CEO of the FS-ISAC. “We saw a year ago that smaller banks and regional banks were being hit [by other DDoS attackers] and many were at a loss about why,” Nelson says. Eventually, investigators confirmed attempts to commit fraud in the background of those attacks. On Dec. 21, the Office of the Comptroller of the Currency issued an alert about the recent wave of DDoS attacks, noting that financial institutions had linked DDoS to fraud and the theft of proprietary information “These attacks by hacktivists are trying to strike terror,” Nelson says. “But cybercriminal groups have been attacking, too, off on their own launching cyberfraud. Rather than striking terror, they’re trying to make it more difficult to detect their fraud, and that’s the worry here.” Year Ahead Securosis’ Rothman says the recent waves of hacktivist attacks have drawn attention to the severity of the DDoS threat. “We have discovered a clear knowledge gap around the denial-of-service attacks in use today and the defenses needed to maintain availability,” Rothman writes in a November paper about DDoS prevention. “There is an all-too-common belief that the defenses that protect against run-of-the-mill network and application attacks will stand up to a DDoS. That’s just not the case.” Rothman says banking institutions of all sizes must start viewing DDoS attacks as instruments for multifaceted attacks. “It’s not news that some of the attackers have been using DDoS attacks to obscure ex-filtration activity,” Rothman says. “They basically work to divert the attention of the security folks with the DDoS while they steal data via other mechanisms.” Rothman says prevention steps recommended by the OCC just reiterate the obvious. “Financial institutions need to have risk management programs, and that would include tactics to mitigate against DDoS attacks as well as leveraging information-sharing networks to keep the flow of information going. If something bad happens, they need to report it and probably disclose it to customers.” Source: http://www.bankinfosecurity.com/ddos-attacks-2013-forecast-a-5396/p-2

View article:
Distributed Denial of Service (DDoS) Attacks: 2013 Predictions

Distributed Denial of Service (DDoS) Attacks on Major Banks Causing Problems for Customers

The websites of major U.S. banks are facing a new round of cyber attacks linked to the same group responsible for similar assaults earlier this year. The latest attacks started last week and have hit Bank of America Corp., SunTrust Banks Inc. (STI), JPMorgan Chase & Co. (JPM), U.S. Bancorp, Wells Fargo & Co. (WFC) and PNC Financial Services Group Inc. (PNC), according to two executives at companies providing security to some of the targeted banks, who asked for anonymity because they weren’t authorized to discuss clients and didn’t want their companies to become targets of computer assaults. PNC was under attack today, the executives said. A group calling itself Izz ad-Din al-Qassam Cyber Fighters announced plans to attack banks in a Dec. 10 statement posted on the website pastebin.com. The same group claimed responsibility for a series of distributed denial-of-service (DDoS) attacks in September and October that flooded bank websites with Internet traffic and caused disruptions and slowdowns for online customers. “The purpose of it is to try to disrupt or stop online banking access,” said Bill Nelson, president of the Financial Services Information Sharing and Analysis Center, which disseminates cyber threat information to the financial services industry. “There are some outages occasionally, but it hasn’t prevented customers from transacting business.” The Izz ad-Din group has said in Internet postings that the cyber attacks are in response to a video uploaded to Google Inc. (GOOG)’s YouTube ridiculing the Prophet Muhammad and offending some Muslims. Multiple Targets The current attacks, which began last week, involve the same tactics used in the earlier assault, harnessing commercial servers to pump traffic at bank websites and attacking applications including security devices such as firewalls or intrusion-detection systems, said Carl Herberger, a vice president at Radware Ltd. (RDWR), a Tel Aviv-based network security provider that is working with some of the banks. While the attackers targeted one bank per day in the previous campaign, they are hitting multiple banks in a single day this time, Herberger said. PNC, in a statement posted on its website, said it’s aware of the potential cyber threat, which could “make it difficult for our customers to log onto online banking.” “Please be assured that PNC’s website is protected by sophisticated encryption strategies that shield customer information and accounts,” the statement reads. “We have no information regarding timing, duration or intensity of this potential threat.” Slow Access Wells Fargo said its website was experiencing an unusually high volume of traffic, creating slow or intermittent access for some customers. “The vast majority of customers are not impacted, but for those who are, we encourage them to access their accounts through our stores, ATMs or by phone as we work to resolve the issue,” according to a statement e-mailed yesterday by Bridget Braxton, a Wells Fargo spokeswoman. Mark T. Pipitone, a Bank of America spokesman, declined to comment, as did Tom Kelly, a spokesman for JPMorgan. The attackers are changing their “signatures,” or techniques, every 7 to 10 minutes, requiring constant monitoring, said Scott Hammack, chief executive officer of Prolexic Technologies, a Hollywood, Florida-based company that provides protection from DDoS attacks. DDoS Attacks Denial-of-service attacks have long been a favored tactic of hacker-activists, and software kits to mount such assaults are available for purchase on the black market, Meaghan Molloy, a senior threat analyst at Mandiant Corp., an Alexandria, Virginia-based information-security firm, said in an e-mail. While the Izz ad-Din al-Qassam Cyber Fighters group said the attacks are in retaliation for the YouTube video, “it’s worth noting” that the Federal Bureau of Investigation last year warned that DDoS attacks were being used to deflect attention from fraudulent wire transfers from compromised bank accounts, Molloy said. Banks targeted in the current attacks are working with Internet-service providers and the U.S. government to share information on the tactics and techniques of the attackers, said Nelson, of the Financial Services Information Sharing and Analysis Center. Source: http://www.bloomberg.com/news/2012-12-20/major-banks-under-renewed-cyber-attack-targeting-websites.html

Read the original:
Distributed Denial of Service (DDoS) Attacks on Major Banks Causing Problems for Customers

National banking regulator advises on Distributed Denial of Service (DDoS) Attack deluge

The regulator for national banks issued an alert Friday about the apparent uptick in distributed denial-of-service (DDoS) attacks being waged against financial institutions. The note from the Office of the Comptroller of the Currency (OCC), which was addressed to the heads of national banks, federal branches and agencies, technology service providers and other related organizations, described how a recent wave of DDoS attacks are disrupting the availability of some bank websites. The spate seemed to kick off in early fall, and many top banks are still experiencing on-and-off attacks. “Each of these groups had different objectives for conducting these attacks, ranging from garnering public attention to diverting bank resources while simultaneous online attacks were underway and intended to enable fraud or steal proprietary information,” the alert said. The bulletin recommends that banks maintain a “heightened sense of awareness regarding these attacks” and ensure they are prepared to deal with them. That includes appropriating staff and third-party contractors to help thwart the attacks; implementing an incident response plan across various departments; and sharing information among affected organizations. In addition, because often the attacks target banks’ service providers, the OCC suggests that financial institutions review the response capabilities of their ISPs and web-hosting vendors. The alert also encourages banks that are sustaining a DDoS attack to remain in communication with customers, conveying any risks they face, as well as safeguards they can take. The OCC said banks should view their security in terms of risk management. But the alert also reminded institutions that they are obligated to follow the Federal Financial Institutions Examination Council (FFIEC) guidelines, which were updated in 2011 to address corporate account takeovers. Often, DDoS attacks run cover for attackers who are simultaneously logged in to victims’ bank accounts while fraudulently transferring out money from their accounts. Avivah Litan of research firm Gartner said in a blog post Friday that the alert shows the OCC is taking the threat seriously, and this will likely result in increased regulatory enforcement. “Some banks do spend enough on security – but many do not,” she wrote. “This will help ensure that all – and not just some – of the banks regulated by the OCC at least, are putting the requisite resources into defending against DDoS attacks and their attending damage.” Source: http://www.scmagazine.com/national-banking-regulator-advises-on-ddos-deluge/article/273769/

See original article:
National banking regulator advises on Distributed Denial of Service (DDoS) Attack deluge

Week in review: Android spam-spreading botnet, highest profile software failures of 2012, and data center design innovations

Here's an overview of some of last week's most interesting news, interviews and articles: Improving information security with one simple question Anyone who has children, or has had to deal with…

Read More:
Week in review: Android spam-spreading botnet, highest profile software failures of 2012, and data center design innovations

Details of the complexity of a Distributed Denial of Service (DDoS) Attacks

DDoS‘s popularity as an attack method can be explained by how important availability is to most organizations’ ability to function. Availability is as critical to an organization today as electricity. If an organization is taken offline, it can lose the ability to generate revenue from its customers, or the ability to access cloud-based data and applications. And, if publicized, the downtime can damage its reputation and brand. Arbor Networks’ data, gathered from more than 240 service provider deployments, shows that, without question, DDoS attacks are getting bigger. Much bigger. Consider the statistics: The average attack in September was 1.67 Gbps, a 72-percent growth from September 2011. The number of mid-range attacks, ranging 2-10 Gbps, also has increased, up 14.35% so far in 2012. Very large attacks, 10 Gbps+, were up 90 percent during 2011. The largest attack this year measured 100.84 Gbps. Hackers seek out pain points for an organization, like maintaining availability, and look to exploit weaknesses in infrastructure and existing security defenses. From that perspective, DDoS is a great tool. There are three main categories of DDoS attack: Volumetric attacks These attacks attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the internet. These attacks are simply about causing congestion. Volumetric attacks first emerged in 2001 when Microsoft, eBay and Yahoo were taken offline by what back then was considered large attacks in the 300 Mbps range – a relatively low volume attack. With DDoS attacks now exceeding 100 Gbps, internet service providers are faced with new challenges of how to protect their networks and infrastructure. TCP state-exhaustion attacks These attacks attempt to consume the connection state tables that are present in many infrastructure components, such as load balancers, firewalls and the application servers themselves. Even high-capacity devices capable of maintaining state on millions of connections can be taken down by these attacks. Application layer attacks In 2010, there was a dramatic shift in DDoS, from primarily large volumetric attacks to smaller, harder-to-detect application-layer attacks that target some aspect of an application or service at Layer 7. These are the most sophisticated, stealthy attacks, as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). ** Each of these attack types present unique challenges to network operators. The easiest attacks to mitigate are volumetric, which can be effectively mitigated by cloud-based managed security services. Attacks targeting existing infrastructure, and those that are “low-and-slow” targeting applications, are the most difficult to identify and mitigate. What makes DDoS such an effective weapon in recent years is the increasing complexity of attacks, the blending of attack types, targets and techniques. Take, for example, the recent attacks on financial institutions in the United States. These attacks used a combination of attack tools with vectors mixing application-layer attacks on HTTP, HTTPS and DNS with volumetric attack traffic on a variety of protocols including TCP, UDP, ICMP and others. The other unique characteristic of these attacks was the targeting of multiple companies in the same vertical at very high bandwidth. Compromised PHP web application servers were used as bots in the attacks. Additionally, many WordPress sites, often using the out-of-date TimThumb plug-in, were compromised around the same time. Joomla and other PHP-based applications were also leveraged. The attackers uploaded PHP WebShells to unmaintained servers and then used those shells to further deploy attack tools. The attackers connected to the tools either directly or through intermediate servers/proxies/scripts, and therefore the concept of command-and-control did not apply in the usual manner. This complex, rapidly evolving attack vector requires purpose-built tools, both on-premise and cloud-based, to provide comprehensive protection against both large attacks and those that target the application layer. And until we see pervasive deployment of best practices defenses, we can expect to see DDoS in the headlines for years to come. Winston Churchill offered some great advice that IT security professionals should keep top of mind as they adapt their defense to the threat landscape, “Success is not final, failure is not fatal: It is the courage to continue that counts.” Source: http://www.scmagazine.com/its-the-complexity-not-the-size-that-makes-ddos-effective/article/273775/

Visit link:
Details of the complexity of a Distributed Denial of Service (DDoS) Attacks

Mobile malware, botnets and attacks on the cloud to rise

ESET has published its annual review of the past year's threat trends and compiled predictions for 2013. According to the new report, the 2013 threatscape will see major growth of mobile malware and i…

Follow this link:
Mobile malware, botnets and attacks on the cloud to rise

Wells Fargo Still Dealing with Distributed Denial of Service (DDoS) Attack

Hacktivists’ phase 2 distributed-denial-of-service attacks against U.S. banks appeared to subside Dec. 19. Only Wells Fargo reported online access issues, but the bank pointed out that outages were limited. A day earlier, the bank reported a more extensive DDoS hit. The hacktivist group Izz ad-Din al-Qassam Cyber Fighters Group on Dec. 18 posted an update on Pastebin , saying targeted banks could expect more distributed-denial-of-service attacks this week, resembling the magnitude of attacks waged against Bank of America, JPMorgan Chase, PNC Financial Services, U.S. Bancorp and SunTrust Bank a week earlier The group, however, did not name its targets in the Dec. 18 posting. But based on outage reports confirmed Dec. 18 and Dec. 19 by Wells Fargo, the bank apparently was one of those that Izz ad-Din al-Qassam has chosen to attack this time around. Wells Fargo spokeswoman Sara Hawkins said some bank customers may have experienced issues accessing their online accounts throughout the day Dec. 19. “We’re not seeing widespread impact, but we do recognize that some customers may have intermittent access to our website,” she said. On Dec. 18, however, Hawkins said the bank was seeing heavier than typical traffic. “We’re seeing an unusually high volume of traffic, which is creating slow or intermittent access to our website for some online customers,” she said. But none of the five banks named as targets in Izz ad-Din al-Qassam’s Dec. 11 announcement of the launch of a phase 2 DDoS campaign reported similar issues. Ten banks were targeted in the first campaign of DDoS attacks, which ran from mid-September until mid-October. Those banks included the five noted above as well as Wells Fargo, Regions Bank, HSBC Holdings, BB&T Corp. and Capital One. Among these, only Wells has reported additional outages allegedly linked to Phase 2. The others confirmed Dec. 19 that their sites remained unaffected. The hacktivist group claims it will continue its attacks on U.S. banks until a YouTube movie trailer, deemed to be offensive to Muslims, is removed. The Financial Services Information Sharing and Analysis Center on Dec. 12 issued an advisory , outlining precautions institutions should take as they prepare for more attacks. The FS-ISCAC notes that hacktivists’ warning that the second phase will be more severe should be heeded. For DDoS protection for your eCommerce site click here . Source: http://www.bankinfosecurity.com/wells-fargo-still-dealing-ddos-a-5370

Read this article:
Wells Fargo Still Dealing with Distributed Denial of Service (DDoS) Attack