Monthly Archives: December 2012

Hacktivist Hints at New Distributed Denial of Service (DDoS) Attacks

The hacktivists are now letting their words speak for their actions. For the third time in one month, a source claiming to be part of the self-proclaimed hacktivist group known as Izz ad-Din al-Qassam Cyber Fighters has granted an interview to discuss the wave of high-profile distributed denial of service attacks on U.S. banks. During the recent interview with Flashpoint Global Partners , an international consulting firm, the hacktivist representative said more attacks would be waged and that methods of attacks would diverge, until a YouTube movie trailer deemed by the group to cast Islam in a negative light is removed from the Internet. “We have done what we had promised,” the source said. “If the film isn’t removed, we’ll use our other abilities according to the new conditions.” No New Attacks Since Sept. 18, the group has taken credit for attacks on 10 leading U.S. banks: Bank of America, JPMorgan Chase, Wells Fargo, PNC, U.S. Bank, CapitalOne, HSBC, SunTrust, Regions and BB&T. No new attacks have been claimed by the group since mid-October. In early November, Webster Bank and Zions Bancorp also suffered from DDoS attacks, which caused intermittent outages to their online-banking sites for several hours. While the attacks were not linked directly to Izz ad-Din al-Qassam, Zions spokesman Rob Brough said the bank did not know who was behind the attack. “There’s no way for us to know if the attack against us was just the next one [in the series of attacks waged by Izz ad-Din al-Qassam] or if it was just a coincidence,” Brough said. “What I can tell you is that we were well-prepared because of the other incidents. When we recognized that it was a DDoS attack, we had plans in place.” DDoS and Fraud? The attacks have been concerning for two reasons: customer frustration with online-banking inaccessibility and the possibility of fraud being perpetrated in the background. On Sept. 17, the Federal Bureau of Investigation, along with the Financial Services Information Sharing and Analysis Center, issued a warning about DDoS being waged to mask incidents of account takeover occurring simultaneously. In their alert, the FBI and FS-ISAC note recent attacks that linked DDoS to fraud. “In some of the incidents, before and after unauthorized transactions occurred, the bank or credit union suffered a distributed denial of service (DDoS) attack against their public Web site(s) and/or Internet Banking URL,” the alert states. “The DDoS attacks were likely used as a distraction for bank personnel to prevent them from immediately identifying a fraudulent transaction, which in most cases is necessary to stop the wire transfer” (see High Risk: What Alert Means to Banks ). So far, no bank has reported fraud linked to DDoS attacks waged by Izz ad-Din al-Qassam, but security experts question what might really be taking place in the background. Questioning Consultants’ Competency The latest interview with Izz ad-Din al-Qassam marks the third time a member claiming affiliation with the group has spoken out on the attacks. On Oct. 31, ABC News was granted an e-mail interview, and on Nov. 7 technology news site Softpedia was given e-mailed insights. During all interviews, alleged members of the Izz ad-Din al-Qassam group stressed the group was not supported by any nation-state, government or other hacktivist group, and that all of its members were merely tech-savvy volunteers with a common mission to see the YouTube video removed (see Hacktivist Speaks Out About DDoS ). In the most recent interview, the respondent defends Izz ad-Din al-Qassam’s purpose as well as the efficacy of its attacks. “Many of [the] technical comments during the attacks have made us doubtful about [the] technical competence of American companies’ security consultants,” the respondent said, when asked by Flashpoint if the botnets it used also have attacked web-hosting companies and Internet service providers. “Many of [the] technical statements about this case are not scientific, reliable or significant,” the source added. Break Suspicious, But Expected An Oct. 23 Pastebin post notes the group’s plans to temporarily halt attacks in honor of a three-day Muslim holiday. Pastebin is the public online forum Izz ad-Din al-Qassam has used to communicate updates about its attacks. The continued break from attacks is curious, says Mike Smith , a security evangelist and DDoS specialist at Web security provider Akamai Technologies. It’s just difficult to know who is behind which attacks, he says. Speculating is pointless, he says. What is clear, however, is that banking institutions and other organizations are continually targeted, and staying ahead of these attacks, regardless of who wages them, is a necessity. “We get two or more large attacks per week against our entire customer base and countless smaller ones,” Smith says. But connecting those to one hacktivist group over another is nearly impossible, he adds. “Some of those targets are financial services, some are not.” Information-sharing shortens response time, he adds. “It’s always tough to be the first target when a new attacker or technique appears because you have to work your way to a diagnosis and implement blocking: things that take time,” Smith says. “However, good incident managers and organizations doing threat intelligence share what they know with each other, so that during subsequent attacks, although of the same magnitude and lethality, the targeted organizations know what indicators there are to the start of the attack and what techniques worked the best in previous attacks.” For DDoS protection against your eCommerce site click here . Source: http://www.bankinfosecurity.com/hacktivist-hints-at-new-ddos-attacks-a-5325/op-1

More here:
Hacktivist Hints at New Distributed Denial of Service (DDoS) Attacks

Protecting Your Network Against Distributed Denial of Service ‘DDoS’ Attacks

As leaders in their field, IT managers are tasked with the burden of not only managing but protecting company networks. Dedicated servers can be adversely affected by DDoS attackers, as their firewalls can be penetrated and flooded with malicious communication requests. Before assessing how you can prevent DDoS attacks it is first important to understand what they are and where they come from. What Are DDoS Attacks? A DDoS attack attempts to render a network or machine inaccessible or unresponsive for any considerable length of time. DDoS attacks typically saturate a network with requests as to slow, disrupt or obstruct communication from the intended user. In some cases, a DDoS attack may overwhelm network firewalls, leaving the problem up to IP providers to fix. Typical symptoms may include the following: a high volume of spam emails, in-accessibility of websites or services or exceptionally slow network performance. Either way, a DDoS attack can adversely affect business by bringing down a website, company application or cloud based computing platform. Here are a few suggestions to go about mitigating the risk associated with DDoS attacks: Preventative Measures Against Attack Properly setup of network firewalls are a must. These days, modern firewalls can be configured to deny unusual protocols from un-identified IP addresses. For instance, if your network firewall is configured to block traffic from sources it can’t identify, it may drop any or all illegitimate service requests as to maintain a normalized bandwidth threshold. Though IP bottlenecks are not always a symptom of DDoS attacks, configuring a firewall to block traffic incoming from specific ports is a form of preventative maintenance. As stated earlier, DDoS attackers may flood a system as to render it unresponsive. Rate limiting switches detect incoming traffic and may filter or slow IPs in such a way that prevents them from flooding the system. Many switches have wide-area-networks fail overs, which adjust incoming IP filtering thresholds automatically. Again, it is important to configure these systems correctly in order for them to remain effective. If system upgrades are in order then IT managers need to weigh the cost against the risk posed by DDoS attacks. Costs To Consider Personnel Costs – If attacked, how many IT workers will it take to address and remedy the problem? Support Calls – Do you really want to be tied up on the phone calling tech support? Factor in the time spent at the help desk Lost Business – If a DDoS attack causes downtime to your website, how much revenue may be lost? Lost Customers – Investing in network protection means you are also investing in consumer confidence. How many customers may be lost due to downtime. Brand Reputation – When network outages occur, brands may suffer damage to their reputation. It is important to consider this last factor. Lastly, it is important to remember that DDoS attacks may also occur by accident. Some sites may experience a denial of service when they experience a high amount of traffic. In any case where a popular website links to a trending event, traffic may suddenly spike creating a unintentional denial of service. Focus your energies on preventing the malicious attacks and it’ll be smooth sailing for your business or enterprise. For DDoS protection against your eCommerce site click here . Source: http://www.colocationamerica.com/blog/protecting-your-network-against-ddos-attacks.htm

Original post:
Protecting Your Network Against Distributed Denial of Service ‘DDoS’ Attacks