Tag Archives: dos attacks

The dark cloud over US bank Distributed Denial of Service (DDoS) Attacks

Some in the US point the finger at Iran. Another group called the Izz ad-Din al-Qassam Cyber Fighters, motivated by the US Government’s inability to remove an anti-Muslim video called the Innocence of Muslims, claimed responsibility for the recent Dedicated Denial of Service (DDoS) attacks which have brought down US banking sites since September. But the identity of the perpetrator behind these recent events is only of secondary concern in this story which has been gracing US headlines for months now. This is because at the moment, for the banks that were attacked, the problem all lies in the Cloud. Since September last year, the attack has affected some of the world’s biggest banking names including Wells Fargo, the Bank of America, Citigroup and HSBC. The attackers did not make away with personal data, or commit any form of fraud but they did move DDoS off of the PC and into the remote server, where they could push forth with new improved artillery, powered by faster performance and better and more network connections. Those who point the finger at Iran say their reason for blame lies in the sophistication of the attack, but security company Imperva’s CTO and co-founder Amichai Shulman says to some extent, launching an attack from the server, especially when the Cloud is involved, can be easier and even more importantly more cost effective. “Basically the attackers still use compromised PCs. They use these PCs to search for vulnerable servers and then exploit these, injecting code into the server so that from that time on, the attackers control the servers from a central location, usually behind an anonymizer,” Shulman says. If the attack only relied on PCs, Shulman says 10 to 100 times more compromised PCs would be required then servers to launch an attack of a similar magnitude. “It is more complex managing 100,000 PCs or even 10,000 than managing those compromised servers. Once they can reduce the management complexity they can reduce costs and increase their ability to launch operations on a more frequent basis.” According to security firm Radware’s VP of Security Solutions Carl Herberger, who was talking with the American Banker, banks have never seen such large-scale DDoS attacks. Radware has been working with banks and cloud computing providers following the attacks, which have risen with the increased uptake of cloud adoption by the financial services industry. Herbenger says one unnamed bank with enough internet capacity to handle 40bn bytes of data saw nearly twice that amount of traffic as a result of the DDoS onslaught. “The multiplying of the flood is unbelievable,” Herberger told American Banker. “Their servers, processors and offloading devices simply could not handle this problem.” Has this not been though of before? Security, you would think, will always be top of concern for a financial services player. But the Cloud has made security much more difficult a promise, according to both Shulman and Herberger. “Cloud increases the risk because it is easier to use by the attackers and harder to mitigate by the bankers,” Shulman says. Herberger says the main problem comes from banks’ leasing of cloud services, an approach that ties together the facilities of the banks and cloud computing providers. This makes it more difficult to block data from a particular internet address when an organization comes under cyber attack. He says eventually such attacks could be used for distraction for more malicious and fraudulent activity. Shulman says in the past, banks (which are no stranger to DDoS attacks) have overcome the DDoS threat by installing higher amounts of bandwidth. “But you cannot over allocate network bandwidth just because there might be the possibility of someone launching a large attack at some time. It is just too costly,” Shulman says. “The bank’s primary risk is its data set, or financial fraud, and they are well prepared for that. But this is another technique coming up, and the threat is a very real threat. One thing to remember though is that while these banks have suffered from the recent attacks, there wasn’t a single attack that actually took down one of the banking applications for an entire day.” A new challenge This could be good news but Shulman says in the world of the hacker it can also mean another challenge – and that, in the long run, means more persistent attacks. Shulman says Imperva has been studying this new trend in its own labs and that every day, he sees attackers targeting a new vulnerable type of server, often finding hundreds and thousands of potential victims. “They keep collecting compromised servers, and in some cases they will lose some – but it means for the industry overall there is clearly a higher risk,” Sulman says. Shulman says the recent attacks highlight the risk to anyone using a web service, right down to the small and medium-sized business user. “If you have a web server or web application in the enterprise, you are going to be the target of attackers, even if you don’t have valuable information in your server. Just having enough bandwidth and the server makes you a target,” In some instances the trade-off for added security, will have to be latency as data travels through more security. “The consequence could be that all traffic going in and out of a compromised  server would eventually be blocked by security devices along the way,” Shulman says. The real question then – at least for now – will be how latency stands up to denied access when services are given a long-term view? For DDoS protection against your eCommerce site click here . Source: http://www.datacenterdynamics.com/focus/archive/2013/01/dark-cloud-over-us-bank-ddos-attacks

Excerpt from:
The dark cloud over US bank Distributed Denial of Service (DDoS) Attacks

Distributed Denial of Service (DDoS) Attacks: 2013 Predictions

During the last third of 2012, 10 major U.S. banks were the targets of powerful distributed-denial-of-service attacks apparently launched by a foreign hacktivist group. Some observers predict there will be many more DDoS attacks against financial institutions in 2013. They say hacktivists, organized crime rings and even nation states will be the perpetrators, working collaboratively in some cases and independently in others Financial fraud expert Avivah Litan, an analyst at Gartner Research, says the attacks will continue because they work, especially for criminals. “There is no reason for the criminals to stop,” Litan says. “They are getting away with them and not getting caught. These gangs will just keep escalating the attacks, up the ante and raise the stakes on the banks. The banks will have to find and implement solutions quickly. There really is no other choice.” DDoS attacks often will be used to disguise nefarious schemes aimed at stealing intellectual property and taking over accounts, especially when the attacks are waged against smaller institutions, regulators and security experts warn. John Walker , a member of ENISA’s security experts group and chair of ISACA’s Security Advisory Group in London, says banks won’t be able to fend off all of the attacks that are coming in the new year. “What we are seeing this year is just a tip in the ocean of what is planned for 2013,” he says. To prepare for continuing DDoS attacks, banking institutions should implement incident response strategies and involve staff across multiple lines of business, as well as external partners, regulators and experts say. Banks also should consider due diligence reviews of service providers, including Internet service providers and Web-hosting companies, to ensure they, too, have taken necessary steps to identify and mitigate risks associated with DDoS attacks. PNC, Others Take Hits Since September, the hacktivist group Iz ad-Din al-Qassam Cyber Fighters has grabbed headlines for two DDoS campaigns against banks. But so far, there’s been no evidence of fraud linked to these attacks. The hacktivist group announced Dec. 25 that yet another wave of attacks was coming as part of its second campaign In the latest development, PNC Financial Services, whose customers have suffered sporadic online access issues related to high volumes of traffic during both of the DDoS campaigns, reported it experienced minor site access issues late Dec. 27. But it did not link those issues to traffic connected with a DDoS attack. PNC spokeswoman Amy Vargo says some customers reported having trouble when trying to access the bank’s site during the afternoon of Dec. 27, but “this was a very short term and intermittent issue, and the systems were quickly restored to normal.” In a Dec. 10 post on Pastebin , Iz ad-Din al-Qassam Cyber Fighters announced plans for its second campaign, targeting PNC, U.S. Bancorp, Bank of America, JPMorgan Chase and SunTrust Banks. Since then, the group has posted two subsequent threats and has apparently hit all five targeted institutions as well as Wells Fargo and Citibank, part of Citigroup The hacktivist group says its waging the attacks in protest of a YouTube video deemed offensive to Muslims. The first campaign of attacks, which ran from mid-September to mid-October, targeted all of the institutions hit in the second campaign, as well as Regions Bank, HSBC Holdings and Capital One. Warning to Banks Some security experts, however, are questioning whether Pastebin posts being attributed to Izz ad-Din al-Qassam Cyber Fighters actually came from that group. Anyone could take credit for the posts and the attacks, says Mike Rothman of DDoS prevention provider Securosis. “We’ll likely see lots of folks claiming responsibility for attacks and many doing it to draw attention to their causes,” Rothman says. “Is it really one group or another? Hard to truly tell, and ultimately I don’t think it matters. The attacks will keep happening, sometimes for no apparent reason. Organizations need to be ready, and that doesn’t change, regardless of the adversary.” Smaller banking institutions not targeted by Izz ad-Din al-Qassam Cyber Fighters should guard against a false sense of security, says Bill Nelson , president and CEO of the FS-ISAC. “We saw a year ago that smaller banks and regional banks were being hit [by other DDoS attackers] and many were at a loss about why,” Nelson says. Eventually, investigators confirmed attempts to commit fraud in the background of those attacks. On Dec. 21, the Office of the Comptroller of the Currency issued an alert about the recent wave of DDoS attacks, noting that financial institutions had linked DDoS to fraud and the theft of proprietary information “These attacks by hacktivists are trying to strike terror,” Nelson says. “But cybercriminal groups have been attacking, too, off on their own launching cyberfraud. Rather than striking terror, they’re trying to make it more difficult to detect their fraud, and that’s the worry here.” Year Ahead Securosis’ Rothman says the recent waves of hacktivist attacks have drawn attention to the severity of the DDoS threat. “We have discovered a clear knowledge gap around the denial-of-service attacks in use today and the defenses needed to maintain availability,” Rothman writes in a November paper about DDoS prevention. “There is an all-too-common belief that the defenses that protect against run-of-the-mill network and application attacks will stand up to a DDoS. That’s just not the case.” Rothman says banking institutions of all sizes must start viewing DDoS attacks as instruments for multifaceted attacks. “It’s not news that some of the attackers have been using DDoS attacks to obscure ex-filtration activity,” Rothman says. “They basically work to divert the attention of the security folks with the DDoS while they steal data via other mechanisms.” Rothman says prevention steps recommended by the OCC just reiterate the obvious. “Financial institutions need to have risk management programs, and that would include tactics to mitigate against DDoS attacks as well as leveraging information-sharing networks to keep the flow of information going. If something bad happens, they need to report it and probably disclose it to customers.” Source: http://www.bankinfosecurity.com/ddos-attacks-2013-forecast-a-5396/p-2

View article:
Distributed Denial of Service (DDoS) Attacks: 2013 Predictions

Distributed Denial of Service (DDoS) Attacks on Major Banks Causing Problems for Customers

The websites of major U.S. banks are facing a new round of cyber attacks linked to the same group responsible for similar assaults earlier this year. The latest attacks started last week and have hit Bank of America Corp., SunTrust Banks Inc. (STI), JPMorgan Chase & Co. (JPM), U.S. Bancorp, Wells Fargo & Co. (WFC) and PNC Financial Services Group Inc. (PNC), according to two executives at companies providing security to some of the targeted banks, who asked for anonymity because they weren’t authorized to discuss clients and didn’t want their companies to become targets of computer assaults. PNC was under attack today, the executives said. A group calling itself Izz ad-Din al-Qassam Cyber Fighters announced plans to attack banks in a Dec. 10 statement posted on the website pastebin.com. The same group claimed responsibility for a series of distributed denial-of-service (DDoS) attacks in September and October that flooded bank websites with Internet traffic and caused disruptions and slowdowns for online customers. “The purpose of it is to try to disrupt or stop online banking access,” said Bill Nelson, president of the Financial Services Information Sharing and Analysis Center, which disseminates cyber threat information to the financial services industry. “There are some outages occasionally, but it hasn’t prevented customers from transacting business.” The Izz ad-Din group has said in Internet postings that the cyber attacks are in response to a video uploaded to Google Inc. (GOOG)’s YouTube ridiculing the Prophet Muhammad and offending some Muslims. Multiple Targets The current attacks, which began last week, involve the same tactics used in the earlier assault, harnessing commercial servers to pump traffic at bank websites and attacking applications including security devices such as firewalls or intrusion-detection systems, said Carl Herberger, a vice president at Radware Ltd. (RDWR), a Tel Aviv-based network security provider that is working with some of the banks. While the attackers targeted one bank per day in the previous campaign, they are hitting multiple banks in a single day this time, Herberger said. PNC, in a statement posted on its website, said it’s aware of the potential cyber threat, which could “make it difficult for our customers to log onto online banking.” “Please be assured that PNC’s website is protected by sophisticated encryption strategies that shield customer information and accounts,” the statement reads. “We have no information regarding timing, duration or intensity of this potential threat.” Slow Access Wells Fargo said its website was experiencing an unusually high volume of traffic, creating slow or intermittent access for some customers. “The vast majority of customers are not impacted, but for those who are, we encourage them to access their accounts through our stores, ATMs or by phone as we work to resolve the issue,” according to a statement e-mailed yesterday by Bridget Braxton, a Wells Fargo spokeswoman. Mark T. Pipitone, a Bank of America spokesman, declined to comment, as did Tom Kelly, a spokesman for JPMorgan. The attackers are changing their “signatures,” or techniques, every 7 to 10 minutes, requiring constant monitoring, said Scott Hammack, chief executive officer of Prolexic Technologies, a Hollywood, Florida-based company that provides protection from DDoS attacks. DDoS Attacks Denial-of-service attacks have long been a favored tactic of hacker-activists, and software kits to mount such assaults are available for purchase on the black market, Meaghan Molloy, a senior threat analyst at Mandiant Corp., an Alexandria, Virginia-based information-security firm, said in an e-mail. While the Izz ad-Din al-Qassam Cyber Fighters group said the attacks are in retaliation for the YouTube video, “it’s worth noting” that the Federal Bureau of Investigation last year warned that DDoS attacks were being used to deflect attention from fraudulent wire transfers from compromised bank accounts, Molloy said. Banks targeted in the current attacks are working with Internet-service providers and the U.S. government to share information on the tactics and techniques of the attackers, said Nelson, of the Financial Services Information Sharing and Analysis Center. Source: http://www.bloomberg.com/news/2012-12-20/major-banks-under-renewed-cyber-attack-targeting-websites.html

Read the original:
Distributed Denial of Service (DDoS) Attacks on Major Banks Causing Problems for Customers

National banking regulator advises on Distributed Denial of Service (DDoS) Attack deluge

The regulator for national banks issued an alert Friday about the apparent uptick in distributed denial-of-service (DDoS) attacks being waged against financial institutions. The note from the Office of the Comptroller of the Currency (OCC), which was addressed to the heads of national banks, federal branches and agencies, technology service providers and other related organizations, described how a recent wave of DDoS attacks are disrupting the availability of some bank websites. The spate seemed to kick off in early fall, and many top banks are still experiencing on-and-off attacks. “Each of these groups had different objectives for conducting these attacks, ranging from garnering public attention to diverting bank resources while simultaneous online attacks were underway and intended to enable fraud or steal proprietary information,” the alert said. The bulletin recommends that banks maintain a “heightened sense of awareness regarding these attacks” and ensure they are prepared to deal with them. That includes appropriating staff and third-party contractors to help thwart the attacks; implementing an incident response plan across various departments; and sharing information among affected organizations. In addition, because often the attacks target banks’ service providers, the OCC suggests that financial institutions review the response capabilities of their ISPs and web-hosting vendors. The alert also encourages banks that are sustaining a DDoS attack to remain in communication with customers, conveying any risks they face, as well as safeguards they can take. The OCC said banks should view their security in terms of risk management. But the alert also reminded institutions that they are obligated to follow the Federal Financial Institutions Examination Council (FFIEC) guidelines, which were updated in 2011 to address corporate account takeovers. Often, DDoS attacks run cover for attackers who are simultaneously logged in to victims’ bank accounts while fraudulently transferring out money from their accounts. Avivah Litan of research firm Gartner said in a blog post Friday that the alert shows the OCC is taking the threat seriously, and this will likely result in increased regulatory enforcement. “Some banks do spend enough on security – but many do not,” she wrote. “This will help ensure that all – and not just some – of the banks regulated by the OCC at least, are putting the requisite resources into defending against DDoS attacks and their attending damage.” Source: http://www.scmagazine.com/national-banking-regulator-advises-on-ddos-deluge/article/273769/

See original article:
National banking regulator advises on Distributed Denial of Service (DDoS) Attack deluge

Details of the complexity of a Distributed Denial of Service (DDoS) Attacks

DDoS‘s popularity as an attack method can be explained by how important availability is to most organizations’ ability to function. Availability is as critical to an organization today as electricity. If an organization is taken offline, it can lose the ability to generate revenue from its customers, or the ability to access cloud-based data and applications. And, if publicized, the downtime can damage its reputation and brand. Arbor Networks’ data, gathered from more than 240 service provider deployments, shows that, without question, DDoS attacks are getting bigger. Much bigger. Consider the statistics: The average attack in September was 1.67 Gbps, a 72-percent growth from September 2011. The number of mid-range attacks, ranging 2-10 Gbps, also has increased, up 14.35% so far in 2012. Very large attacks, 10 Gbps+, were up 90 percent during 2011. The largest attack this year measured 100.84 Gbps. Hackers seek out pain points for an organization, like maintaining availability, and look to exploit weaknesses in infrastructure and existing security defenses. From that perspective, DDoS is a great tool. There are three main categories of DDoS attack: Volumetric attacks These attacks attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the internet. These attacks are simply about causing congestion. Volumetric attacks first emerged in 2001 when Microsoft, eBay and Yahoo were taken offline by what back then was considered large attacks in the 300 Mbps range – a relatively low volume attack. With DDoS attacks now exceeding 100 Gbps, internet service providers are faced with new challenges of how to protect their networks and infrastructure. TCP state-exhaustion attacks These attacks attempt to consume the connection state tables that are present in many infrastructure components, such as load balancers, firewalls and the application servers themselves. Even high-capacity devices capable of maintaining state on millions of connections can be taken down by these attacks. Application layer attacks In 2010, there was a dramatic shift in DDoS, from primarily large volumetric attacks to smaller, harder-to-detect application-layer attacks that target some aspect of an application or service at Layer 7. These are the most sophisticated, stealthy attacks, as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). ** Each of these attack types present unique challenges to network operators. The easiest attacks to mitigate are volumetric, which can be effectively mitigated by cloud-based managed security services. Attacks targeting existing infrastructure, and those that are “low-and-slow” targeting applications, are the most difficult to identify and mitigate. What makes DDoS such an effective weapon in recent years is the increasing complexity of attacks, the blending of attack types, targets and techniques. Take, for example, the recent attacks on financial institutions in the United States. These attacks used a combination of attack tools with vectors mixing application-layer attacks on HTTP, HTTPS and DNS with volumetric attack traffic on a variety of protocols including TCP, UDP, ICMP and others. The other unique characteristic of these attacks was the targeting of multiple companies in the same vertical at very high bandwidth. Compromised PHP web application servers were used as bots in the attacks. Additionally, many WordPress sites, often using the out-of-date TimThumb plug-in, were compromised around the same time. Joomla and other PHP-based applications were also leveraged. The attackers uploaded PHP WebShells to unmaintained servers and then used those shells to further deploy attack tools. The attackers connected to the tools either directly or through intermediate servers/proxies/scripts, and therefore the concept of command-and-control did not apply in the usual manner. This complex, rapidly evolving attack vector requires purpose-built tools, both on-premise and cloud-based, to provide comprehensive protection against both large attacks and those that target the application layer. And until we see pervasive deployment of best practices defenses, we can expect to see DDoS in the headlines for years to come. Winston Churchill offered some great advice that IT security professionals should keep top of mind as they adapt their defense to the threat landscape, “Success is not final, failure is not fatal: It is the courage to continue that counts.” Source: http://www.scmagazine.com/its-the-complexity-not-the-size-that-makes-ddos-effective/article/273775/

Visit link:
Details of the complexity of a Distributed Denial of Service (DDoS) Attacks

Wells Fargo Still Dealing with Distributed Denial of Service (DDoS) Attack

Hacktivists’ phase 2 distributed-denial-of-service attacks against U.S. banks appeared to subside Dec. 19. Only Wells Fargo reported online access issues, but the bank pointed out that outages were limited. A day earlier, the bank reported a more extensive DDoS hit. The hacktivist group Izz ad-Din al-Qassam Cyber Fighters Group on Dec. 18 posted an update on Pastebin , saying targeted banks could expect more distributed-denial-of-service attacks this week, resembling the magnitude of attacks waged against Bank of America, JPMorgan Chase, PNC Financial Services, U.S. Bancorp and SunTrust Bank a week earlier The group, however, did not name its targets in the Dec. 18 posting. But based on outage reports confirmed Dec. 18 and Dec. 19 by Wells Fargo, the bank apparently was one of those that Izz ad-Din al-Qassam has chosen to attack this time around. Wells Fargo spokeswoman Sara Hawkins said some bank customers may have experienced issues accessing their online accounts throughout the day Dec. 19. “We’re not seeing widespread impact, but we do recognize that some customers may have intermittent access to our website,” she said. On Dec. 18, however, Hawkins said the bank was seeing heavier than typical traffic. “We’re seeing an unusually high volume of traffic, which is creating slow or intermittent access to our website for some online customers,” she said. But none of the five banks named as targets in Izz ad-Din al-Qassam’s Dec. 11 announcement of the launch of a phase 2 DDoS campaign reported similar issues. Ten banks were targeted in the first campaign of DDoS attacks, which ran from mid-September until mid-October. Those banks included the five noted above as well as Wells Fargo, Regions Bank, HSBC Holdings, BB&T Corp. and Capital One. Among these, only Wells has reported additional outages allegedly linked to Phase 2. The others confirmed Dec. 19 that their sites remained unaffected. The hacktivist group claims it will continue its attacks on U.S. banks until a YouTube movie trailer, deemed to be offensive to Muslims, is removed. The Financial Services Information Sharing and Analysis Center on Dec. 12 issued an advisory , outlining precautions institutions should take as they prepare for more attacks. The FS-ISCAC notes that hacktivists’ warning that the second phase will be more severe should be heeded. For DDoS protection for your eCommerce site click here . Source: http://www.bankinfosecurity.com/wells-fargo-still-dealing-ddos-a-5370

Read this article:
Wells Fargo Still Dealing with Distributed Denial of Service (DDoS) Attack

To the Rescue: A Fully Managed Distributed Denial of Service (DDoS) Protection Solution

With its hosting DNA, DOSarrest understands the challenges of dealing with a distribute denial of service (DDoS) attack in a data center. We know, for example, that for every minute your website is reeling from a DDoS attack, thousands – or even hundreds of thousands-of dollars can be lost in the form of missed sales and credibility with your customers. In addition to lost revenue, you risk future losses due to the negative impact to your search engine optimization (SEO) ranking caused by a prolonged outage – a penalty from which it can take months to recover. To help avoid these problems, DOSarrest designed a cloud-based mitigation service that provides carrier-grade service and leaves your Web infrastructure intact. Because we created a multilayered defense system in each of its geo-distributed mitigation centers, we can handle the large Layer 2 and Layer 3 attacks all the way to the most sophisticated application layer incursions with relative ease. Expecting the Unexpected Given the relatively low barrier of entry for the committed attacker, a DDoS attack can be launched at anytime for a variety of reasons, unbeknownst to the victim. Because of this uncertainty, we had to design a mitigation service that could be implemented within minutes. By using a distributed architecture, we can provide both DDoS protection and added website performance for our customers. But this distribution presented some challenges we had to overcome. Given that we broadcast our customers’ content from several locations between Europe and North America, we needed to know how each location was performing. Ensuring Total Stability and Performance To solve this problem we developed – and are now in the process of rolling out – DOSarrest External Monitoring Service (DEMS) , a completely separate website monitoring service designed to ensure the highest degree of stability and performance for all the geographic regions from which we broadcast. Even some of the world’s largest content-delivery networks don’t supply this information to their customers. With DEMS , we can provide the first fully managed DDoS protection service, backed by a team of engineers on duty 24/7/365 in our Security Operations Center, which is capable of detecting and thwarting an oncoming attack before it has any effect. Our philosophy is to resolve issues that may arise on the first call or e-mail from our customers. There are no auto-replies here, as an experienced engineer responds to every inquiry, normally within 10 minutes. Jag Bains, CTO at DOSarrest Internet Security . To read more about the InformationWeek DDoS Special Report, download it here: http://www.informationweek.com/gogreen/121112fs

More here:
To the Rescue: A Fully Managed Distributed Denial of Service (DDoS) Protection Solution

4 Banks Respond to Distributed Denial of Service (DDoS) Threats

The day after Izz ad-Din al-Qassam Cyber Fighters announced plans to launch a second wave of distributed-denial-of-service attacks on five U.S. banks, SunTrust suffered intermittent outages and Bank of America and PNC said small numbers of their customers reported having trouble accessing their sites. But it remained unclear whether the problems were the result of an attack. U.S. Bank, which did not suffer any known outages or access issues, did, however, acknowledge that new attacks could be on the way. On Dec. 11, PNC used social media to warn consumers that site outages should be expected, but that account and online-banking credentials would remain secure. And one expert was advising banks to expect the worst, saying Izz ad-Din al-Qassam Cyber Fighters’ second wave of attacks would likely be more fierce than the first. The online-monitoring site websitedown.com reported that about noon ET on Dec. 11, SunTrust Banks website suffered intermittent outages. But SunTrust executives declined to comment on the nature of the outages. BofA spokesman Mark Pipitone said that while BofA’s site suffered no overall outages, an isolated number of online-banking users reported problems accessing the site. “We’re aware of the reports of possible cyberattacks, and we’re monitoring our systems, which are fully operational,” Pipitone said in the early evening of Dec. 11. PNC spokeswoman Amy Vargo said some PNC customers may have experienced intermittent difficulty logging in on their first attempts. “We are aware of the situation and working to restore full access,” she said during the early evening of Dec. 11. “We are focused on minimizing disruption to our customers and will review the cause of this incident once full access is restored.” And U.S. Bank spokesman Tom Joyce told the Minneapolis/St. Paul Business Journal that the bank is “taking all necessary steps” to prepare for more attacks. “It’s important to note that these denial-of-service attacks are designed to slow down banks’ websites and create a nuisance for consumers,” Joyce said. “Customers can be assured that their data and funds are secure.” The hacktivist group Izz ad-Din al-Qassam Cyber Fighters named SunTrust, U.S. Bancorp, JPMorgan Chase, Bank of America and PNC Financial Services Group as targets for its next wave of DDoS attacks. The group, in a Dec. 10 post on Pastebin , announced plans for what it portrays as “Phase 2 Operation Ababil” – a second campaign of attacks waged against leading U.S. banks to protest a YouTube movie trailer deemed offensive to Muslims. All five banks were targets – along with Wells Fargo, Capital One, Regions Bank, BB&T and HSBC – during the first wave of DDoS attacks , which ran from mid-September to mid-October. During that period, each bank’s website suffered intermittent outages of varying degrees. CapOne was the only institution targeted twice in the first wave (see CapOne Takes Second DDoS Hit ). PNC’s Communications Stand Out On Dec. 11, three of the five newly targeted banks were remaining quiet, declining to comment about the threat and steps they were taking, if any, to communicate with consumers about the expectation of more attacks. BofA acknowledged isolated reports from consumers who suffered difficulty logging in. PNC, the only bank to publicly outline details surrounding the DDoS attack it suffered in the first wave, however, immediately took steps to notify the public of the possibility for a second attack. Through Dec. 11 posts on the social-networking sites Facebook and Twitter , PNC forewarned online-banking customers that outages should be expected. “This potential threat could result in high volume of electronic traffic that may make it difficult for our customers to log onto online banking,” the bank stated on its Facebook page and website . “Please be assured that PNC’s website is protected by sophisticated encryption strategies that shield customer information and accounts. We have no information regarding timing, duration or intensity of this potential threat. Please continue to follow our page for additional updates.” Fiercer Attacks Ahead? Why these five banks have been targeted for a second attack is not clear. But John Walker , an independent security professional in London and member of the European Network and Information Security Agency’s security experts team, says banks should expect the new attacks to be more fierce than the first, as the hacktivists promised in their Dec. 10 post. “By showing the game can be taken to ever-increasing levels starts to focus the mind of the victim organizations as to their frailty,” Walker says. “They [the hacktivists] are, I believe, demonstrating their power.” Walker says banks learned valuable lessons during the first wave, which will provide them with tools to better prepare this time around. But they should not be overly confident in their abilities to stave off outages. “This style of attack has not even matured yet, and there is more to come,” he says. “The time has arrived for … more techno-savvy security – and more honesty in the boardroom – as to real-time security exposure before the event, not just after it has impacted the business.” Source: http://www.bankinfosecurity.com/webinars/new-wave-ddos-attacks-how-to-prepare-respond-w-308

Continue reading here:
4 Banks Respond to Distributed Denial of Service (DDoS) Threats

British student found guilty of Anonymous PayPal Distributed Denial of Service (DDoS) Attacks

A British student has been convicted over his role in a series of denial of service attacks against PayPal, which cost the payment firm £3.5m. Christopher Weatherhead was part of an Anonymous gang that attacked PayPal in protest at the firm’s decision not to handle payments being made to whistle-blowing website Wikileaks, in an attack dubbed ‘Operation Payback’. According to multiple reports, the jury hearing the case took little more than two hours to reach their guilty verdict. Three other members of the gang had already pleaded guilty but Weatherhead had argued he had not taken part in the attacks, claiming his role had been limited to operating Anonymous chat rooms. The judge presiding over the case, Peter Testar, told the defendants that he regarded the offences as serious. Weatherhead, who was a student at Northampton University at the time of the attacks, was found guilty under the Criminal Law Act 1977, and could face jail time as a result of the guilty verdict. The Metropolitan Police arrested five youths in 2011 in connection with Operation Payback, while other suspected members were arrested by the Dutch authorities. Operation Payback had initially begun as a protest against the music industry’s anti-piracy stance, but the focus changed after Wikileaks published a series of leaked diplomatic memos. Several financial services firms including PayPal, MasterCard and Visa withdrew services from Wikileaks, and as a result drew the ire of the Anonymous activists. Source: http://www.v3.co.uk/v3-uk/news/2230251/british-student-found-guilty-of-anonymous-paypal-ddos-attacks

Link:
British student found guilty of Anonymous PayPal Distributed Denial of Service (DDoS) Attacks

Protecting Your Network Against Distributed Denial of Service ‘DDoS’ Attacks

As leaders in their field, IT managers are tasked with the burden of not only managing but protecting company networks. Dedicated servers can be adversely affected by DDoS attackers, as their firewalls can be penetrated and flooded with malicious communication requests. Before assessing how you can prevent DDoS attacks it is first important to understand what they are and where they come from. What Are DDoS Attacks? A DDoS attack attempts to render a network or machine inaccessible or unresponsive for any considerable length of time. DDoS attacks typically saturate a network with requests as to slow, disrupt or obstruct communication from the intended user. In some cases, a DDoS attack may overwhelm network firewalls, leaving the problem up to IP providers to fix. Typical symptoms may include the following: a high volume of spam emails, in-accessibility of websites or services or exceptionally slow network performance. Either way, a DDoS attack can adversely affect business by bringing down a website, company application or cloud based computing platform. Here are a few suggestions to go about mitigating the risk associated with DDoS attacks: Preventative Measures Against Attack Properly setup of network firewalls are a must. These days, modern firewalls can be configured to deny unusual protocols from un-identified IP addresses. For instance, if your network firewall is configured to block traffic from sources it can’t identify, it may drop any or all illegitimate service requests as to maintain a normalized bandwidth threshold. Though IP bottlenecks are not always a symptom of DDoS attacks, configuring a firewall to block traffic incoming from specific ports is a form of preventative maintenance. As stated earlier, DDoS attackers may flood a system as to render it unresponsive. Rate limiting switches detect incoming traffic and may filter or slow IPs in such a way that prevents them from flooding the system. Many switches have wide-area-networks fail overs, which adjust incoming IP filtering thresholds automatically. Again, it is important to configure these systems correctly in order for them to remain effective. If system upgrades are in order then IT managers need to weigh the cost against the risk posed by DDoS attacks. Costs To Consider Personnel Costs – If attacked, how many IT workers will it take to address and remedy the problem? Support Calls – Do you really want to be tied up on the phone calling tech support? Factor in the time spent at the help desk Lost Business – If a DDoS attack causes downtime to your website, how much revenue may be lost? Lost Customers – Investing in network protection means you are also investing in consumer confidence. How many customers may be lost due to downtime. Brand Reputation – When network outages occur, brands may suffer damage to their reputation. It is important to consider this last factor. Lastly, it is important to remember that DDoS attacks may also occur by accident. Some sites may experience a denial of service when they experience a high amount of traffic. In any case where a popular website links to a trending event, traffic may suddenly spike creating a unintentional denial of service. Focus your energies on preventing the malicious attacks and it’ll be smooth sailing for your business or enterprise. For DDoS protection against your eCommerce site click here . Source: http://www.colocationamerica.com/blog/protecting-your-network-against-ddos-attacks.htm

Original post:
Protecting Your Network Against Distributed Denial of Service ‘DDoS’ Attacks