Tag Archives: dos attacks

Seal with Clubs goes down due to DDoS Attack

Bitcoin poker site, Seals with Clubs, was twice targeted by a Distributed Denial of Service (DDoS) attack this weekend – forcing it offline for three days. It is not known why the US-facing poker site was targeted for the DDoS attacks – in which multiple computer systems overload a single web site with incoming traffic – or who was responsible. The first attack started on Thursday evening (local time) when the site became inaccessible to regular players while those who were already logged in found that their games stalled and then the site crashed. Seal with Clubs´ CEO Bryan Micon was quick to re-assure players on the site that no accounts had been compromised and the Seals with Clubs Twitter account kept clients up to date with the progress of “Seal Team 6” as the site battled to get the software transferred to a new data centre. However, shortly after getting up and running on Sunday, Seals with Clubs was hit by a second, smaller DDoS attack which knocked out all the Sunday feature tournaments on the site. Protection Implemented Against Further Attacks [The first attack] was a large DDoS, very sophisticated and quite powerful enough to knock everything off, get an IP blackholed, all that good stuff, Micon said in a statement to PokerFuse.com. We have quickly, in the middle of the weekend, changed datacenters and have a new, beefier setup with all of our data intact and a sick DDoS protection layer. New software has also been integrated into the Seals with Clubs downloadable client to add further protection, and players have been advised that they will have to update their existing software to enable them to play on Seals with Clubs. An update to the Seals with Clubs Android App is also expected later today (Monday). The Seals are Back By late Sunday evening, Seals with Clubs was back online and saw more than 300 players on the cash game tables with several low-value tournaments under way. Due to the change of data centres, players who recently deposited into their accounts may have to wait until Monday to see the funds appear in the cashier; however facilities for getting Bitcoin funds out of players´ accounts are operating normally with withdrawal requests dealt with in a matter of hours. Players who were involved in poker tournaments at the time of the DDoS attack have been told that they will receive “generous refunds” in respect of their tournament buy-ins. Source: http://www.pokernewsreport.com/seal-with-clubs-gets-battered-in-ddos-attack-12029

Anti-spam Spamhaus up again after 75Gbps Distributed Denial of Service (DDoS) Attacks

The website of non-profit spam fighter Spamhaus is online again after a huge DDoS attack knocked it offline on Sunday, but attackers are continue to target another anti-spam sites that help ISPs combat spam from infected IP addresses. Spamhaus, which provides several anti-spam DNS-based blocklists and maintains the “register of known spam operations”, came under a huge DDoS attack on Sunday, which knocked its web server and mail server offline until Wednesday. Spamhaus spokesperson Luc Rossini on Monday denied a report that Anonymous was behind the attack and pointed to a “Russian criminal malware gang” as the source. On Tuesday Spamhaus sought cover from the attack with DDoS protection provider CloudFlare, which today reported the attack on Spamhaus reached a peak of about 75 gigabits per second. The attackers used a cocktail of DDoS attack methods, but the primary one that helped generate that volume of traffic was a “reflection attack”, according to Matthew Prince, CloudFlare’s CEO. “The basic technique of a DNS reflection attack is to send a request for a large DNS zone file with the source IP address spoofed to be the intended victim to a large number of open DNS resolvers,” Prince explained, noting that 30,000 open DNS resolvers were recorded in the attack, which used spoofed IP addresses CloudFlare had issued to Spamhaus. “The resolvers then respond to the request, sending the large DNS zone answer to the intended victim. The attackers’ requests themselves are only a fraction of the size of the responses, meaning the attacker can effectively amplify their attack to many times the size of the bandwidth resources they themselves control.” Source: http://www.cso.com.au/article/456917/anti-spam_spamhaus_up_again_after_75gbps_ddos_attack/

Read the original:
Anti-spam Spamhaus up again after 75Gbps Distributed Denial of Service (DDoS) Attacks

Distributed Denial of Service-DDoS: 6 Banks Hit on Same Day

Six leading U.S. banking institutions were hit by distributed-denial-of-service attacks on March 12, the largest number of institutions to be targeted in a single day, says security expert Carl Herberger of Radware. The attacks are evolving, and the bot behind them, known as Brobot, is growing, he adds. This recent wave of DDoS attacks has proven to be the most disruptive among the campaigns that date back to September, says Herberger, vice president of security for the anti-DDoS solutions provider. “The Brobot has grown, the infection rate has increased, and the encrypted attacks have become more refined,” Herberger says. “As a result, it all is more effective. They’ve clearly gotten better at attacking more institutions at once.” Radware offers DDoS-mitigation tools to several high-profile clients, including U.S. banking institutions targeted in the recent attacks, Herberger says. As a result, the company has insights about numerous industrial sector attacks as well as online traffic patterns. Herberger declined to name the institutions affected, citing Radware’s non-disclosure agreements. But according to online traffic patterns collected by Internet and mobile- cloud testing and monitoring firm Keynote Systems Inc., JPMorgan Chase & Co., BB&T and PNC Financial Services Group suffered online outages on March 12. The three banks declined to comment about the attacks or confirm whether they had been targeted this week. Chase, however, acknowledged an online disruption in a March 12 post to the Chase Twitter f e ed . The post states: “*ALERT* We continue to work on getting Chase Online back to full speed. In the meantime, pls. use the Chase Mobile app or stop by a branch.” On March 13, the bank came back with this tweet: “We’re sorry it was such a rough day and we really appreciate your patience.” Phase 3 Attacks The hacktivist group Izz ad-Din al-Qassam Cyber Fighters on the morning of March 12 posted an update in the open forum Pastebin about its third phase of attacks. In it, the group mentions nine targets struck during the previous week. The group claims it is waging its attacks against U.S. banking institutions over a Youtube video deemed offensive to Muslims. The nine latest targets identified by the hacktivists – Bank of America, BB&T, Capital One, Chase, Citibank, Fifth Third Bancorp, PNC, Union Bank and U.S. Bancorp – have either declined to comment or have denied suffering any online disruptions. But Keynote Systems says Chase, BB&T and PNC suffered major online failures between 12:30 p.m. and 11 p.m. ET on March 12. Outages suffered by Chase resulted in a nearly 100 percent failure rating between the hours of 2 p.m. ET and 11 p.m. ET, says Ben Rushlo, Keynote’s director of performance management. “That means the site was unavailable most of that time. That’s pretty massive.” BB&T also had significant issues, but not quite so severe, Rushlo says. Between 12:30 p.m. and 2:30 p.m. ET, and then again briefly at 5:30 p.m. ET, BB&T’s online-banking site suffered intermittent outages, he adds. PNC’s site suffered a significant outage for a 30-minute span beginning bout 3:30 p.m. ET, Rushlo says. “On a scale relative to Chase, they were affected 10 times less.” Rushlo stresses that Keynote cannot confirm the cause of the online outages at the three banks because the company does not monitor DDoS activity; it only monitors customer-facing applications. Nevertheless, the online analysis Keynote conducts is in-depth, Rushlo contends. “We’re actually going behind the logons to emulate what the customer sees or experiences when they try to conduct online-banking,” he says. Defeating DDoS Radware’s Herberger says some institutions have successfully mitigated their DDoS exposure, while others are only succeeding at masking the duress their online infrastructures are experiencing. “There has been a lot of quick provisioning to address these attacks,” he says. “But if something changes, like it has now, then the whole game changes and the whole equilibrium changes. It’s not really solving the problem; it’s just addressing a glitch.” More banking institutions need to go beyond Internet protocol blocking to address attacks that are aimed at servers and site-load balancers, he says. But many organizations have failed to take the additional steps needed to successfully and consistently deflect these emerging DDoS tactics. “The thing that’s kind of frustrating to all of us is that we are six months into this and we still feel like this is a game of chess,” Herberger says. “How is it that an industry that has been adorned with so many resources – with more than any other industrial segment in U.S. – missed the threat of hacktivist concerns? There seems to clearly be industrial sector vulnerabilities that were missed in all of the historical risk assessments.” For DDoS protection click here . Source: http://www.bankinfosecurity.com/ddos-6-banks-hit-on-same-day-a-5607

Follow this link:
Distributed Denial of Service-DDoS: 6 Banks Hit on Same Day

GitHub Hit With Another DDoS Attack, Second In Two Days, And “Major Service Outage”

Services on code-sharing site GitHub have been disrupted for over an hour in what started as a “major service outage” because of a “brief DDoS attack.” This is the second DDoS attack in as many days and at least the third in the last several months: Yesterday, GitHub also reported a DDoS incident. And in October 2012, the service also went down due to malicious hackers. Today, the distributed denial of service incident has affected the site for at least an hour, starting at 10.43AM GMT with a major service outage. GitHub noted that the cause was a “another brief DDoS attack” and that service should be returning to normal. At 11.11AM, the site reported that some systems were still being affected. “Access to downloadable source code archives and uploaded files is temporarily down. We’re working to restore it asap,” it noted. There has been some debate over security at GitHub, with several people recently revealing the amount of sensitive information like passwords and private keys stored on publicly-accessible pages. On a code-sharing repository, this is not like blasting information as you might see in a display ad, but it’s the kind of information that can be found if you know how and where to look. And the DDoS attacks against GitHub go back some way. In Feburary 2012, for example, the site revealed a sustained attack that lasted for nearly a week. “This attack is global, and has been very intense at times. Yesterday morning, for example, github.com suddenly received requests from 10,000 times the number of clients it had handled the minute before,” Jesse Newland wrote on GitHub’s blog. That only resulted in an hour of total downtime. He also wrote that GitHub was putting in place measures to better protect against DDoS attacks in the future — although clearly not eliminate them completely. GitHub has had a lot of success in the last few years. With some 3 million developers using the site to post and share code; a recent $100 million round from Andreessen Horowitz; and other accolades, it exemplifies the wider trend of the rise of the enterprise startup — a status that likely also brings positive as negative attention. Update : Three hours later, everything is back up and working normally. We have reached out to ask whether GitHub has any more information about the incidents. Source: http://techcrunch.com/2013/03/10/github-hit-with-another-ddos-attack-second-in-two-days-and-major-service-outage/

Read the original:
GitHub Hit With Another DDoS Attack, Second In Two Days, And “Major Service Outage”

Czech finance sector hit by Distributed Denial of Service (DDoS) Attacks

The Czech financial sector was targeted in cyber attacks on Wednesday, with the national bank and stock exchange websites disrupted by dedicated denial of service (DDOS) attacks. The Czech financial sector was targeted in cyber attacks on Wednesday, with the national bank and stock exchange websites disrupted by dedicated denial of service (DDOS) attacks. The Czech National Bank’s official website was the victim of a “massive cyber attack” on the external server hosting its site, before being brought back online later that day. The attacks overloaded servers with thousands of requests, making them inaccessible to the central bank’s customers. However, the bank said in a statement that its internal IT systems were unaffected by the disruptions. “We apologise for any difficulties experienced by visitors to the CNB website due to the outage,” said CNB spokesman Marek Petru in a statement. Other major banks were also targeted, including CSOB, Ceska Sporitelna and Komercni Banka, as well as a number of smaller banks. It is not believed that customer data has been compromised. The Prague Stock Exchange also had its website taken down on Wednesday. according to Reuters, with a spokesman claiming that a “co-ordinated” attack by hackers was likely to be responsible. Earlier this week a number of Czech news outlets were targeted by the cyber attacks, with the website of the broadsheet newspaper DNES taken down. There have been a number of DDOS attacks against banks across the world in recent months. Earlier this week the Izz ad-Din al-Qassam Cyber Fighters group promised to continue a series of attack against US banks which began in October with DDOS attacks against JPMorgan Chase, Bank of America, CapitalOne and Citibank among others. The group indicated it would cease its campaign of attacks in January. In January two members of Anonymous were jailed in the UK for their part in DDOS attacks against a number of financial services companies including Visa and Mastercard. Last month Anonymous posted personal details of 4,000 bankers, after breaching defences of the US Federal Reserve. Source: http://computerworld.co.nz/news.nsf/security/czech-finance-sector-hit-by-cyber-attacks

See the original article here:
Czech finance sector hit by Distributed Denial of Service (DDoS) Attacks

Distributed Denial of Service (DDoS) Protection Hardware for the Data Centre… Or Not!

Earlier this month, Juniper Networks purchased Webscreen Systems from Accumuli a UK-based IT security specialist. With this acquisition, Juniper is furthering a strategy to try to deal with distributed denial of service (DDoS) attacks from within a data centre by adding more hardware. While one can understand why a company that produces and sells hardware would see hardware as the best fix, there are several reasons why this is the wrong solution for most consumers, and could actually unnecessarily cost you time, money and brand integrity. Given the varied range in DDoS hardware protection options out there, it seems that many feel this is the strongest solution to protect their online presence from a DDoS attack. However, after more than 15 years in the industry, I can think of five good reasons why using DDoS hardware protection in a data centre hosting environment is a flawed strategy. REASON #1 Increased costs passed on to customers. With DDoS hardware protection, the expense of purchasing, updating and maintaining the hardware, plus the necessary staff to manage it in a data centre hosting environment, will be high. These costs will be passed on to you, the hosting customer. REASON #2 More points of failure. By adding another piece of hardware, you are adding yet another point of failure. In all things networking, keeping your number of points of potential failure low is a key to success. Studies show that firewalls, IDS and other similar hardware protection platforms have over a 42 percent chance of failing. [Arbor Worldwide Infrastructure Security Report 2011 ] Do you want to be on that platform when it fails? REASON #3 Someone else’s problem becomes your problem. In a data centre environment, multiple customers often share resources (whether they know it or not). Platforms like servers, switches, routers and firewalls are often provisioned with more than one client. If you are sharing DDoS hardware protection, you become vulnerable to the problems of other clients sharing that device. REASON #4 One size never really fits all. A solution for a data centre will try to be generic enough to fit all clients’ needs, which means it probably won’t be specific enough for your exact requirements, or robust enough to handle more sophisticated attacks. REASON #5 How focused are the people watching your gear? Even with the best DDoS hardware protection out there, you might as well try to protect your websites with a toaster if there isn’t a proficient team dedicated to administering and managing the hardware. In a hosting environment, the operations team has many responsibilities, of which managing DDoS hardware is a low priority one. Even if someone is paying attention and able to divert their focus to your servers for a short while during a DDoS attack, it won’t be for long, and repeated DDoS attacks would likely go unmitigated, or your IP would be null-routed to save resources and minimize collateral damage. With so many vendors offering DDoS hardware protection, it might be tempting to conclude that it’s a safer option that will serve your business well. However, cloud-based DDoS protection offers many benefits that are not possible with DDoS hardware solutions, with few of the risks. To learn more about DOSarrest cloud-based DDoS protection and mitigation services, click here . Jag Bains, CTO, DOSarrest Internet Security (Formerly Director of Network Engineering and Operations for Peer1 Hosting)

See the original post:
Distributed Denial of Service (DDoS) Protection Hardware for the Data Centre… Or Not!

Predictions for Distributed Denial of Service (DDoS) Attacks in 2013 will be application based

Twenty-five percent of distributed denial of service (DDoS) attacks that occur in 2013 will be application-based, according to Gartner, Inc. During such incidents, attackers send out targeted commands to applications to tax the central processing unit (CPU) and memory and make the application unavailable. “2012 witnessed a new level of sophistication in organized attacks against enterprises across the globe, and they will grow in sophistication and effectiveness in 2013,” said Avivah Litan, vice president and distinguished analyst at Gartner. “A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems.” High-bandwidth DDoS attacks are becoming the new norm and will continue wreaking havoc on unprepared enterprises in 2013. A new class of damaging DDoS attacks was launched against U.S. banks in the second half of 2012, sometimes adding up to 70 Gbps of noisy network traffic blasting at the banks through their Internet pipes. Until this recent spate of attacks, most network-level DDoS attacks consumed only five Gbps of bandwidth, but more recent levels made it impossible for bank customers and others using the same pipes to get to their websites. Hackers use DDoS attacks to distract security staff so that they can steal sensitive information or money from accounts. People continue to be the weakest link in the security chain, as criminal social engineering ploys reach new levels of deviousness in 2013. In 2012, several different fraud scams that took social engineering tactics to new heights of deviousness have been reported, including criminals approaching people in person as law enforcement or bank officers to help them through account migration that then comprised their bank accounts. Source: http://timesofindia.indiatimes.com/tech/enterprise-it/security/25-of-DDoS-attacks-to-be-application-based-in-2013/articleshow/18613476.cms

Excerpt from:
Predictions for Distributed Denial of Service (DDoS) Attacks in 2013 will be application based

California financial institution website hit with Distributed Denial of Service (DDoS) Attack costing $900,000

A Christmas Eve cyberattack against the Web site of a regional California financial institution helped to distract bank officials from an online account takeover against one of its clients, netting thieves more than $900,000. At approximately midday on December 24, 2012, organized cyber crooks began moving money out of corporate accounts belonging to Ascent Builders , a construction firm based in Sacramento, Calif. In short order, the company’s financial institution – San Francisco-based Bank of the West — came under a large distributed denial of service (DDoS) attack, a digital assault which disables a targeted site using a flood of junk traffic from compromised PCs. KrebsOnSecurity contacted Ascent Builders on the morning of Dec. 26 to inform them of the theft, after interviewing one of the money mules used in the scam. Money mules are individuals who are willingly or unwittingly recruited to help the fraudsters launder stolen money and transfer the funds abroad. The mule in this case had been hired through a work-at-home job offer after posting her resume to a job search site, and said she suspected that she’d been conned into helping fraudsters. Ascent was unaware of the robbery at the time, but its bank would soon verify that a series of unauthorized transactions had been initiated on the 24th and then again on the 26th. The money mule I spoke with was just one of 62 such individuals in the United States recruited to haul the loot stolen from Ascent . Most of the mules in this case were sent transfers of between $4,000 and $9,000, but several of them had bank accounts tied to businesses, to which the crooks wired huge transfers from Ascent’s account; five of the fraudulent transfers were for amounts ranging from $80,000 to $100,000. Mark Shope , president of Ascent Builders, said that when the company’s controller originally went online on the morning of Dec. 24 to check the firm’s accounts, her browser wouldn’t let her access the bank’s page. She didn’t know it at the time, but her computer was being remotely controlled by the attackers’ malware, which blocked her from visiting the bank’s site. “It said the bank was offline for 24 hours, and we couldn’t get in to the site,” Shope said. “We called the bank and they said everything was fine.” But soon enough, everything would not be fine from Bank of the West’s end. Not long after putting through a batch of fraudulent automated clearing house (ACH) and wire transfers from Ascent’s accounts, the fraudsters initiated a DDoS attack against the bank’s Web site, effectively knocking it offline. It’s not clear what tactics or botnets may have been used in the DDoS attack, but the cyberheist+DDoS approach matches the profile of cybercrime gangs using the Gameover Trojan – a ZeuS Trojan variant that has been tied to numerous DDoS attacks initiated to distract attention from high-dollar cyberheists. Shope said the FBI is actively investigating the breach. The FBI declined to comment for this story. Bank of the West also did not respond requests for comment. But a law enforcement source working the case and speaking on condition of anonymity confirmed that the bank was subjected to a DDoS attack at the time of the robbery. The law enforcement official added that Ascent may not have been the only victim that day at Bank of the West, and that several other businesses and banks in the local area had been similarly robbed on or around Christmas Eve. Shope said Bank of the West has been able to claw back about half of the stolen funds, and expects to recover a great deal more. He said many of the bigger fraudulent transfers went to other businesses. For example, one of the mules was either running or working at a Hertz equipment rental franchise on the East Coast, and had called Ascent Builders to complain after the bank discovered the fraud and began clawing back large transfers. That mule, apparently unaware he was helping thieves launder stolen money, was calling to find out what happened to his $82,000. “We got a call from a Hertz rental equipment company back east, and they said “Why did you take this deposit out of our account?’ Shope recalled. “I asked him what he thought it was for, and he said, “Oh, this was for some equipment that we were purchasing for you guys from Russia, and we already sent the money on [to Russia], so what’s going on?”‘ A few thoughts about this attack. If you run a business and suddenly find yourself unable to log in to your commercial account, pick up the phone and call your bank to inquire about any recent money transfer activity. Very often, malware that thieves use to steal banking passwords in these cyberheists will also redirect the victim to an error page that says the bank’s site is down for maintenance. If this happens to you, call your bank and ask them to check your accounts (don’t trust a customer service phone number offered on a “down for maintenance” page; call the number on your bank card or search online for the institution’s customer service number). Also, get educated about the risks of banking online with a business account, and then take steps to make sure your organization isn’t the next victim. Regulation E limits the liability for consumers who lose money due to unauthorized account activity online (provided they notify their financial institution of the fraudulent activity within 60 days of a statement). Businesses do not enjoy such protections, although a couple of recent court cases brought by cyberheist victims against their banks have gone in favor of the businesses, suggesting that banks may find it increasingly difficult to disavow financial liability in the wake of these attacks going forward. Finally, consider banking online with a dedicated system. This among several recommendations I include in a short list of other tips that small businesses should consider when banking online.

More:
California financial institution website hit with Distributed Denial of Service (DDoS) Attack costing $900,000

Evolving Distributed Denial of Service (DDoS) Attacks provide the driver for financial institutions to enhance response capabilities

Distributed Denial-of-Service (DDoS) attacks1 are not a new method employed by cyber criminals to inflict damage on victim entities’ networks. In fact, DDoS attacks were one of the first types of online crimes to appear in the dawn of the Internet age.2 In the past several years, however, cyber threat actors have rekindled this attack to produce two new variants, both of which specifically target the financial services sector. The first variant employs the DDoS attack merely as a diversion technique. In this method, which became noticeable in late 2011 and continues to present day, criminals conduct a DDoS attack on a victim website in order to divert attention and distract bank personnel from the underlying purpose of the attack—to steal online banking credentials and conduct unauthorized wire transfers. To execute this attack, criminals have used a commercially available crimeware kit—known as Dirtjumper—that can be bought and sold on criminal forums for only $200.3 While the purpose of the first type of DDoS is to increase the chance of successful financial fraud, the purpose of the second variant, which is the focus of this article, appears to be in line with the more traditional purpose of a DDoS—to disrupt services by rendering the website inaccessible to legitimate users. The new variant, however, is unprecedented in terms of its size, its industry focus, the attack vector it employs, its longevity and its potential source.4 At the same time, the response to these attacks has been extraordinary in terms of industry collaboration and information-sharing to mitigate the impact of the attacks.5 Given the combination of first-time factors contributing to this variant’s successes and because this new breed of cybercrime may be merely a sign of what awaits financial institutions in 2013, all financial institutions—small, mid-tiered and large alike—are advised to take this opportunity to review, reexamine and enhance their security incident response capabilities. The New DDoS Variant Beginning in mid-September 2012 and continuing over a six-week period, a dozen financial institutions were successfully targeted by a group initiating a series of sophisticated DDoS attacks against these banks’ websites.6 Most of the attacks were preannounced by the group claiming responsibility for the attacks—Izz ad-Din Al-Qassam Cyber Fighters (QCF).7 QCF claimed its motive was to stop widespread and organized offenses to Islamic spiritual and holy issues and, in particular, remove an offensive video from the Internet.8 Some sources, however, attribute the group’s activities to the government of Iran responding to prior alleged U.S. cyber attacks on its systems and networks.9 Approximately one-and-a-half months later, the QCF allegedly initiated a second campaign of attacks. This wave, which started as early as December 11, 2012, targeted many of the same banks and a few additional institutions with similar DDoS attacks.10 Indeed, the group claimed, based on a numerical sequence of “likes and dislikes” to Internet content it deems objectionable, that the attacks would continue for at least 14 months.11 However, seven weeks later on January, 29, 2013, the group claimed victory when the objectionable content was apparently removed from one of the sources on the Internet.12 This DDoS variant is significantly and substantially different from previous types of DDoS attacks in several ways. First, the volume of network traffic used to commit the attacks was substantial. In the first campaign of attacks, it was reported that some banks were hit with a flood of traffic peaking at 65 gigabits-per-second (gbps).13 Given that this volume is magnitudes above previous DDoS attacks, and that a mid-size business may only have the capacity to process 1 gbps of network traffic, this enormous influx of traffic is significant and problematic.14 The high-volume network traffic of this size can overwhelm most of a victim’s network infrastructure, and slow its response time to web inquires, if not grind it to a halt altogether. Second, the attacks were aimed at institutions in the financial services sector. Both the first and second campaigns targeted large financial institutions, while more recent attacks have targeted a broader range of institutions, including smaller banks and credit unions. 15 Although there is no evidence that these attacks have compromised customer accounts, QFC claims its attacks cost U.S. banks $30,000 for every minute their websites were down.16 Third, the attacks used a network of compromised web servers—nicknamed “brobot”—in contrast to the more traditional DDoS, which uses a network of compromised individual “zombie” computers—known as a “botnet.”17 By using web servers, which have significantly larger bandwidth than individual computers, fewer compromised computers are needed and the capability for massive traffic exists to flood the victims’ systems making it unresponsive to legitimate requests.18 Finally, industry experts have identified a layer of variability and persistence of tactics, particularly in that the toolkit allows attackers to react to defenses and modify attack strategy quickly.19 New attack vectors have also increased the effectiveness of strikes, partly because they utilize bilateral strikes against both Internet service providers and victim banks at the application level.20 Certainly, if the suspected source of the attack is true, the ability of the bad actors to draw upon unlimited resources in changing their tactics “on the fly” is not without reason. Industry Response Industry experts attribute an important contribution to minimizing the impact of the attacks to sharing critical threat data in near- to real-time both within the financial services sector and between government and the private sector.21 The Financial Services Information Sharing and Analysis Center (FS-ISAC), the designated operational arm of the Financial Services Sector Coordinating Council, was particularly effective in this regard by providing a mechanism to collect threat intelligence and alert participating members with reports containing anonymized information.22 The FS-ISAC issued a fraud alert the day following the first attack and, a few days later, raised awareness in the U.S. banking industry by changing its cyber threat level from “elevated” to “high.”23 In addition, technology and DDoS mitigation service providers have also provided a significant role in releasing new tools and mechanisms to plug the holes exploited by attackers.24 Some institutions also reached out directly to the government for assistance in the response. Utilizing an established process known as “Request for Technical Assistance” (RTAs), banks reach out to their regulators who, in turn, reach out to the U.S. Treasury Department to draw upon the appropriate resources in the federal government, including the Department of Homeland Security (DHS) and the National Security Agency (NSA), to provide the requested assistance.25 It appears that at least some banks have requested support from the NSA.26 The DHS has also spoken publicly about its ability to help financial institutions to defend against DDoS attacks.27 Regulator Response On December 21, 2012, the Office of the Comptroller of the Currency (OCC), an independent bureau of the U.S. Department of the Treasury, released an alert to CEOs of all national banks, federal branches and agencies, and associated interested parties, calling for a heightened sense of awareness and offering risk mitigation information in response to this series of sophisticated DDoS attacks.28 In the alert, the OCC reiterated its expectations that financial institutions have risk management programs in place to identify evolving threats to online accounts and adjust technology safeguards appropriately.29 Further, banks are expected to ensure that an effective incident response approach with sufficient staffing is in place and proactive due diligence reviews are conducted to identify and mitigate risks imposed by potential DDoS attacks.30 The regulators also encourage participation in information-sharing organizations such as the FS-ISAC.31 Conclusion In the wake of this unprecedented variant of a traditional cybercrime attack, financial institutions of all sizes should take the opportunity to review, reexamine, improve and expand their incident response capabilities. Of course, every situation varies and there is no “one-size-fits-all” response to any incident. However, building upon lessons learned from responding to these particular attacks, institutions may want to consider: developing a structure and mechanism to intake early warning signals and integrate them into an immediate response; participating in information-sharing within the sector and with external parties (vendors, regulators and law enforcement); testing response plans to ensure that outside parties, such as DDoS mitigation service providers, are able to deliver services as planned and anticipated; building a threat/defense matrix into incident response plans for certain threats, such as DDoS attacks; and employing a layered defense with multiple tactical defense options. In addition, financial institutions may want to consider expanding their arsenal of possible responses with creative solutions, such as: cross-industry collaboration (e.g., developing joint strategies with ISPs and information technology and telecommunication providers); employing active defense technologies; exploring informal and formal (i.e., legal) mechanisms to pursue intermediaries caught in the cross-fire; and exploring informal and formal mechanisms to dismantle the bad actor infrastructure. Source: http://www.lexology.com/library/detail.aspx?g=8779273b-682d-4e76-8cf9-eacdd429c406

More:
Evolving Distributed Denial of Service (DDoS) Attacks provide the driver for financial institutions to enhance response capabilities

DOSarrest Rolls Out New Website Monitoring Service

VANCOUVER, Jan. 22, 2013 /CNW/ – DOSarrest Internet Security announced a new website monitoring service today called the “ DOSarrest External Monitoring Service ” or “ DEMS ”. This new service is a real-time geographically distributed system, capable of monitoring a number of website performance metrics from three different geographic regions, every 60 seconds, utilizing six different sensors. This service may be purchased as a stand-alone product but is free for all DOSarrest customers that are subscribed to DOSarrest’s industry leading DDoS protection service. DOSarrest’s CTO, Jag Bains states “This is a must have if you’re using a CDN or are hosting some high-end, mission critical websites, and it’s a perfect fit for our fully managed DDoS protection service. This combined with our existing traffic metrics gives us and our customers the best visibility in the DDoS protection services arena.” Jag Bains adds “Although there are similar types of services available from third parties, our customers can also choose to have the DOSarrest support staff investigate, pin-point and advise the customer on a plan of action, 24/7/365. No such service exists today that offers this type of customer support”. Mark Teolis, GM of DOSarrest comments. “It’s a very intuitive and elegant design. I use it myself to view the status of all of our customers’ websites. At a glance and without a click, I can tell real-time if anyone is down from six different vantage points, and can easily drill down to a specific site and timeline of events for that site. Many Content Delivery Networks do not offer such a service to their customers. Their customers would have no idea if there was an issue accessing their website in a different region of the country or globe.” More information on this service can be found at: http://www.dosarrest.com/dems About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, BC, Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service has been leading edge for over 5 years now SOURCE: DOSarrest Internet Security Limited For further information: Brian Mohammed Director of Sales and Marketing Toll free CAN/US 888 818-1344 ext. 203 Toll Free UK 0-800-635-0551 ext. 203 Mobile: 416-434-6174 www.dosarrest.com Check out our video http://www.youtube.com/watch?v=mUs0vWYEIkQ

View article:
DOSarrest Rolls Out New Website Monitoring Service