Tag Archives: stop ddos attacks

The multiple faces of Distributed Denial of Service (DDoS) Attacks

According to Stratecast, DDoS attacks are increasing in number by 20 per cent to 45 pc annually Google, Microsoft, Apple, PayPal, Visa, MasterCard… many of the world’s largest websites have all been victims of Distributed-Denial-of-Service (DDoS) attacks. A DDoS attack consists in having a multitude of systems attack a single target in an attempt to make its resources unavailable to its intended users. During the last decade, the number of DDoS attacks has increased and their motivations and targets have evolved. Karine de Ponteves, FortiGuard AV analyst at Fortinet, traces the evolution of these attacks. Early 2000: Into the spotlight Although we can’t be sure when the first real DDoS attack occurred, the first large-scale distributed attack (DDoS) happened in 1999, against the IRC server of the University of Minnesota. 227 systems were affected and the attack left the university’s server unusable for two days. In February 2000, many popular websites including Yahoo!, eBay, CNN and Amazon.com, were paralyzed for hours. Yahoo! suffered a loss of $500,000 during its three hours of downtime, while the volume of activity of the CNN.com site dropped by 95%. The downtime loss was huge. A 15-year old Canadian known as “Mafiaboy” was arrested and charged for the attacks. His motivation? Defiance. This teenager just wanted to show off his skills. To do so, he scanned a network to find a number of vulnerable hosts; compromised the hosts by exploiting a known vulnerability; deployed software turning the host into a “zombie”; and then propagated the attack so that each zombie would in their turn compromise new targets, following the same process. 2005: A lucrative attack In the early 2000s, in order to create a botnet to launch a DDoS attack, the hacker would have to follow the same steps as the ones used by Mafiaboy. With the advent of Internet worms, those steps became automated, enabling a hacker to trigger large-scale attacks. In August 2005, 18-year-old Farid Essabar, who had never studied computer programming, was arrested for the spread of the MyTob worm. The worm would open a backdoor on the infected MS Windows host, connecting to a remote IRC server and waiting for commands. It would self-propagate at reboot copying itself over network shares, opening the door to massive DDoS attacks with all the hosts compromised by the worm and executing the commands sent over IRC. The outbreak was covered live on CNN as the TV channel own computers network became infected. What were the intentions this time? Not to actually disrupt corporate networks, but to extort thousands of dollars from companies by threatening to target DDoS attacks to their networks. Quickly, the targeted enterprises decided to pay the extortionists rather than deal with the consequences of a DDoS attack. 2010: DDoS and hacktivism In 2010, mainstream media extensively reported high-profile DDoS attacks motivated by political or ideological issues such as the well-publicized Wikileaks/Anonymous series of incidents. That year, attackers dramatically increased attack volumes, and, launched for the first time attacks breaking the 100Gbps barrier, which represents about 22,000 times the average bandwidth of an Internet user in the U.S. in 2010. In December, Wikileaks came under intense pressure to stop publishing secret United States diplomatic cables. In response, the Anonymous group announced its support, and termed Operation Payback the series of DDoS attacks it led against Amazon, PayPal, MasterCard and Visa in retaliation of the anti-Wikileaks behavior. These attacks caused both MasterCard and Visa’s websites to be brought down on December 8th. The tool behind the Anonymous/Wikileaks attacks is called the Low Orbit Ion Cannon (LOIC). Although it was originally an open-source load-testing tool, designed to conduct stress tests for web applications, it was in that case used as a DDoS tool. 2012 and beyond: The acceleration of application-layer based attacks Although there are many different attack methods, the DDoS attacks can be generally classified into two categories: Volumetric attacks: Flood attacks saturate network bandwidth and infrastructure (e.g.: UDP, TCP SYN, ICMP). Application-layer attacks: These attacks are designed to target specific services and exhaust their resources (HTTP, DNS). Because they use less bandwidth, they are harder to detect. The ideal situation for application-layer DDoS attacks is where all other services remain intact but the webserver itself is completely inaccessible. The Slowloris software was born from this concept, and is therefore relatively very stealthy compared to most flooding tools. According to Stratecast, DDoS attacks are increasing in number by 20% to 45 pc annually, with application-based DDoS attacks increasing in the triple digits levels. The trend toward application-layer DDoS attacks is clear, and unlikely to reverse. This trend is not, however, an indication that network-layer or flow-based, volumetric attacks will cease. On the contrary, both types of attacks will combine to be more powerful. The 2012 Verizon Data Breach Investigations Report reveals that several high profile application-layer DDoS attacks hiding behind volumetric attacks were used to obscure data theft efforts, proving that multi-vector attacks are now used to hide the true target of the attack. DDoS attacks are growing in frequency and severity while, in parallel, the means to launch an attack are simplified and the availability of attacker tools increases. In addition, the complexity of these attacks is increasing due to their polymorphic nature as well as the development of new tools to obfuscate their true nature. As a result, traditional methods of detection are often useless and mitigation gets more difficult. With such evolution, it is essential that organizations revise their security posture and make sure they have the right defenses in place to be protected against DDoS attacks. Here, the main challenge is to have sufficient visibility and context to detect a wide range of attack types without slowing the flow and processing of legitimate traffic; and then to mitigate the attack in the most effective manner. A multi-layer defense strategy is thus essential to enable granular control and protection of all components that are in the critical path of online activities. Source: http://www.ciol.com/ciol/experts/174422/the-multiple-ddos-attacks/page/2

See the original article here:
The multiple faces of Distributed Denial of Service (DDoS) Attacks

DOSarrest Rolls Out New Website Monitoring Service

VANCOUVER, Jan. 22, 2013 /CNW/ – DOSarrest Internet Security announced a new website monitoring service today called the “ DOSarrest External Monitoring Service ” or “ DEMS ”. This new service is a real-time geographically distributed system, capable of monitoring a number of website performance metrics from three different geographic regions, every 60 seconds, utilizing six different sensors. This service may be purchased as a stand-alone product but is free for all DOSarrest customers that are subscribed to DOSarrest’s industry leading DDoS protection service. DOSarrest’s CTO, Jag Bains states “This is a must have if you’re using a CDN or are hosting some high-end, mission critical websites, and it’s a perfect fit for our fully managed DDoS protection service. This combined with our existing traffic metrics gives us and our customers the best visibility in the DDoS protection services arena.” Jag Bains adds “Although there are similar types of services available from third parties, our customers can also choose to have the DOSarrest support staff investigate, pin-point and advise the customer on a plan of action, 24/7/365. No such service exists today that offers this type of customer support”. Mark Teolis, GM of DOSarrest comments. “It’s a very intuitive and elegant design. I use it myself to view the status of all of our customers’ websites. At a glance and without a click, I can tell real-time if anyone is down from six different vantage points, and can easily drill down to a specific site and timeline of events for that site. Many Content Delivery Networks do not offer such a service to their customers. Their customers would have no idea if there was an issue accessing their website in a different region of the country or globe.” More information on this service can be found at: http://www.dosarrest.com/dems About DOSarrest Internet Security: DOSarrest founded in 2007 in Vancouver, BC, Canada is one of only a couple of companies worldwide to specialize in only cloud based DDoS protection services. Their global client base includes mission critical ecommerce websites in a wide range of business segments including financial, health, media, education and government. Their innovative systems, software and exceptional service has been leading edge for over 5 years now SOURCE: DOSarrest Internet Security Limited For further information: Brian Mohammed Director of Sales and Marketing Toll free CAN/US 888 818-1344 ext. 203 Toll Free UK 0-800-635-0551 ext. 203 Mobile: 416-434-6174 www.dosarrest.com Check out our video http://www.youtube.com/watch?v=mUs0vWYEIkQ

View article:
DOSarrest Rolls Out New Website Monitoring Service

The dark cloud over US bank Distributed Denial of Service (DDoS) Attacks

Some in the US point the finger at Iran. Another group called the Izz ad-Din al-Qassam Cyber Fighters, motivated by the US Government’s inability to remove an anti-Muslim video called the Innocence of Muslims, claimed responsibility for the recent Dedicated Denial of Service (DDoS) attacks which have brought down US banking sites since September. But the identity of the perpetrator behind these recent events is only of secondary concern in this story which has been gracing US headlines for months now. This is because at the moment, for the banks that were attacked, the problem all lies in the Cloud. Since September last year, the attack has affected some of the world’s biggest banking names including Wells Fargo, the Bank of America, Citigroup and HSBC. The attackers did not make away with personal data, or commit any form of fraud but they did move DDoS off of the PC and into the remote server, where they could push forth with new improved artillery, powered by faster performance and better and more network connections. Those who point the finger at Iran say their reason for blame lies in the sophistication of the attack, but security company Imperva’s CTO and co-founder Amichai Shulman says to some extent, launching an attack from the server, especially when the Cloud is involved, can be easier and even more importantly more cost effective. “Basically the attackers still use compromised PCs. They use these PCs to search for vulnerable servers and then exploit these, injecting code into the server so that from that time on, the attackers control the servers from a central location, usually behind an anonymizer,” Shulman says. If the attack only relied on PCs, Shulman says 10 to 100 times more compromised PCs would be required then servers to launch an attack of a similar magnitude. “It is more complex managing 100,000 PCs or even 10,000 than managing those compromised servers. Once they can reduce the management complexity they can reduce costs and increase their ability to launch operations on a more frequent basis.” According to security firm Radware’s VP of Security Solutions Carl Herberger, who was talking with the American Banker, banks have never seen such large-scale DDoS attacks. Radware has been working with banks and cloud computing providers following the attacks, which have risen with the increased uptake of cloud adoption by the financial services industry. Herbenger says one unnamed bank with enough internet capacity to handle 40bn bytes of data saw nearly twice that amount of traffic as a result of the DDoS onslaught. “The multiplying of the flood is unbelievable,” Herberger told American Banker. “Their servers, processors and offloading devices simply could not handle this problem.” Has this not been though of before? Security, you would think, will always be top of concern for a financial services player. But the Cloud has made security much more difficult a promise, according to both Shulman and Herberger. “Cloud increases the risk because it is easier to use by the attackers and harder to mitigate by the bankers,” Shulman says. Herberger says the main problem comes from banks’ leasing of cloud services, an approach that ties together the facilities of the banks and cloud computing providers. This makes it more difficult to block data from a particular internet address when an organization comes under cyber attack. He says eventually such attacks could be used for distraction for more malicious and fraudulent activity. Shulman says in the past, banks (which are no stranger to DDoS attacks) have overcome the DDoS threat by installing higher amounts of bandwidth. “But you cannot over allocate network bandwidth just because there might be the possibility of someone launching a large attack at some time. It is just too costly,” Shulman says. “The bank’s primary risk is its data set, or financial fraud, and they are well prepared for that. But this is another technique coming up, and the threat is a very real threat. One thing to remember though is that while these banks have suffered from the recent attacks, there wasn’t a single attack that actually took down one of the banking applications for an entire day.” A new challenge This could be good news but Shulman says in the world of the hacker it can also mean another challenge – and that, in the long run, means more persistent attacks. Shulman says Imperva has been studying this new trend in its own labs and that every day, he sees attackers targeting a new vulnerable type of server, often finding hundreds and thousands of potential victims. “They keep collecting compromised servers, and in some cases they will lose some – but it means for the industry overall there is clearly a higher risk,” Sulman says. Shulman says the recent attacks highlight the risk to anyone using a web service, right down to the small and medium-sized business user. “If you have a web server or web application in the enterprise, you are going to be the target of attackers, even if you don’t have valuable information in your server. Just having enough bandwidth and the server makes you a target,” In some instances the trade-off for added security, will have to be latency as data travels through more security. “The consequence could be that all traffic going in and out of a compromised server would eventually be blocked by security devices along the way,” Shulman says. The real question then – at least for now – will be how latency stands up to denied access when services are given a long-term view? For DDoS protection against your eCommerce site click here . Source: http://www.datacenterdynamics.com/focus/archive/2013/01/dark-cloud-over-us-bank-ddos-attacks

Excerpt from:
The dark cloud over US bank Distributed Denial of Service (DDoS) Attacks

New White House petition seeks to legitimize Distributed Denial of Service (DDoS) Attacks

This week, a petition was filed on the White House’s “We the People” website that aims to legitimize the use of distributed denial of service attacks (DDoS) as a legitimate form of protest. “It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any ‘occupy,’ protest,” the petition states. “Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time. As part of this petition, those who have been jailed for DDoS should be immediately released and have anything regarding a DDoS, that is on their ‘records,’ cleared.” Some have speculated that Anonymous is behind the petition—but Anons aren’t the only one making this argument: Evgeny Morozov, a Belarus-born tech author, scholar, and journalist made a similar case back in December 2010. However, he later warned: “Declaring that DDoS is a form of civil disobedience is not the same as proclaiming that such attacks are always effective or likely to contribute to the goals of openness and transparency pursued by Anonymous and WikiLeaks. Legitimacy is not the same thing as efficacy, even though the latter can boost the former. In fact, the proliferation of DDoS may lead to a crackdown on Internet freedom, as governments seek to establish tighter control over cyberspace.” The White House’s “We the People” website opened in 2011 and allows anyone to submit a petition to the government on any topic. If a petition gets 25,000 signatures or more, the Obama Administration will be compelled to provide a formal response. Most responses have been fairly mild, however—save releasing the White House beer recipe in late 2012. Citizens have used the system to criticize its “vapid” responses, to challenge Transportation Security Administration policy, and to encourage the president to veto SOPA, among other things. Still, as of this writing, the DDoS petition only has around 1,255 signatures—23,745 to go. Source: http://arstechnica.com/tech-policy/2013/01/new-white-house-petition-seeks-to-legitimize-ddos-attacks/

More here:
New White House petition seeks to legitimize Distributed Denial of Service (DDoS) Attacks

Distributed Denial of Service (DDoS) Attacks on Major Banks Causing Problems for Customers

The websites of major U.S. banks are facing a new round of cyber attacks linked to the same group responsible for similar assaults earlier this year. The latest attacks started last week and have hit Bank of America Corp., SunTrust Banks Inc. (STI), JPMorgan Chase & Co. (JPM), U.S. Bancorp, Wells Fargo & Co. (WFC) and PNC Financial Services Group Inc. (PNC), according to two executives at companies providing security to some of the targeted banks, who asked for anonymity because they weren’t authorized to discuss clients and didn’t want their companies to become targets of computer assaults. PNC was under attack today, the executives said. A group calling itself Izz ad-Din al-Qassam Cyber Fighters announced plans to attack banks in a Dec. 10 statement posted on the website pastebin.com. The same group claimed responsibility for a series of distributed denial-of-service (DDoS) attacks in September and October that flooded bank websites with Internet traffic and caused disruptions and slowdowns for online customers. “The purpose of it is to try to disrupt or stop online banking access,” said Bill Nelson, president of the Financial Services Information Sharing and Analysis Center, which disseminates cyber threat information to the financial services industry. “There are some outages occasionally, but it hasn’t prevented customers from transacting business.” The Izz ad-Din group has said in Internet postings that the cyber attacks are in response to a video uploaded to Google Inc. (GOOG)’s YouTube ridiculing the Prophet Muhammad and offending some Muslims. Multiple Targets The current attacks, which began last week, involve the same tactics used in the earlier assault, harnessing commercial servers to pump traffic at bank websites and attacking applications including security devices such as firewalls or intrusion-detection systems, said Carl Herberger, a vice president at Radware Ltd. (RDWR), a Tel Aviv-based network security provider that is working with some of the banks. While the attackers targeted one bank per day in the previous campaign, they are hitting multiple banks in a single day this time, Herberger said. PNC, in a statement posted on its website, said it’s aware of the potential cyber threat, which could “make it difficult for our customers to log onto online banking.” “Please be assured that PNC’s website is protected by sophisticated encryption strategies that shield customer information and accounts,” the statement reads. “We have no information regarding timing, duration or intensity of this potential threat.” Slow Access Wells Fargo said its website was experiencing an unusually high volume of traffic, creating slow or intermittent access for some customers. “The vast majority of customers are not impacted, but for those who are, we encourage them to access their accounts through our stores, ATMs or by phone as we work to resolve the issue,” according to a statement e-mailed yesterday by Bridget Braxton, a Wells Fargo spokeswoman. Mark T. Pipitone, a Bank of America spokesman, declined to comment, as did Tom Kelly, a spokesman for JPMorgan. The attackers are changing their “signatures,” or techniques, every 7 to 10 minutes, requiring constant monitoring, said Scott Hammack, chief executive officer of Prolexic Technologies, a Hollywood, Florida-based company that provides protection from DDoS attacks. DDoS Attacks Denial-of-service attacks have long been a favored tactic of hacker-activists, and software kits to mount such assaults are available for purchase on the black market, Meaghan Molloy, a senior threat analyst at Mandiant Corp., an Alexandria, Virginia-based information-security firm, said in an e-mail. While the Izz ad-Din al-Qassam Cyber Fighters group said the attacks are in retaliation for the YouTube video, “it’s worth noting” that the Federal Bureau of Investigation last year warned that DDoS attacks were being used to deflect attention from fraudulent wire transfers from compromised bank accounts, Molloy said. Banks targeted in the current attacks are working with Internet-service providers and the U.S. government to share information on the tactics and techniques of the attackers, said Nelson, of the Financial Services Information Sharing and Analysis Center. Source: http://www.bloomberg.com/news/2012-12-20/major-banks-under-renewed-cyber-attack-targeting-websites.html

Read the original:
Distributed Denial of Service (DDoS) Attacks on Major Banks Causing Problems for Customers

National banking regulator advises on Distributed Denial of Service (DDoS) Attack deluge

The regulator for national banks issued an alert Friday about the apparent uptick in distributed denial-of-service (DDoS) attacks being waged against financial institutions. The note from the Office of the Comptroller of the Currency (OCC), which was addressed to the heads of national banks, federal branches and agencies, technology service providers and other related organizations, described how a recent wave of DDoS attacks are disrupting the availability of some bank websites. The spate seemed to kick off in early fall, and many top banks are still experiencing on-and-off attacks. “Each of these groups had different objectives for conducting these attacks, ranging from garnering public attention to diverting bank resources while simultaneous online attacks were underway and intended to enable fraud or steal proprietary information,” the alert said. The bulletin recommends that banks maintain a “heightened sense of awareness regarding these attacks” and ensure they are prepared to deal with them. That includes appropriating staff and third-party contractors to help thwart the attacks; implementing an incident response plan across various departments; and sharing information among affected organizations. In addition, because often the attacks target banks’ service providers, the OCC suggests that financial institutions review the response capabilities of their ISPs and web-hosting vendors. The alert also encourages banks that are sustaining a DDoS attack to remain in communication with customers, conveying any risks they face, as well as safeguards they can take. The OCC said banks should view their security in terms of risk management. But the alert also reminded institutions that they are obligated to follow the Federal Financial Institutions Examination Council (FFIEC) guidelines, which were updated in 2011 to address corporate account takeovers. Often, DDoS attacks run cover for attackers who are simultaneously logged in to victims’ bank accounts while fraudulently transferring out money from their accounts. Avivah Litan of research firm Gartner said in a blog post Friday that the alert shows the OCC is taking the threat seriously, and this will likely result in increased regulatory enforcement. “Some banks do spend enough on security – but many do not,” she wrote. “This will help ensure that all – and not just some – of the banks regulated by the OCC at least, are putting the requisite resources into defending against DDoS attacks and their attending damage.” Source: http://www.scmagazine.com/national-banking-regulator-advises-on-ddos-deluge/article/273769/

See original article:
National banking regulator advises on Distributed Denial of Service (DDoS) Attack deluge

Details of the complexity of a Distributed Denial of Service (DDoS) Attacks

DDoS‘s popularity as an attack method can be explained by how important availability is to most organizations’ ability to function. Availability is as critical to an organization today as electricity. If an organization is taken offline, it can lose the ability to generate revenue from its customers, or the ability to access cloud-based data and applications. And, if publicized, the downtime can damage its reputation and brand. Arbor Networks’ data, gathered from more than 240 service provider deployments, shows that, without question, DDoS attacks are getting bigger. Much bigger. Consider the statistics: The average attack in September was 1.67 Gbps, a 72-percent growth from September 2011. The number of mid-range attacks, ranging 2-10 Gbps, also has increased, up 14.35% so far in 2012. Very large attacks, 10 Gbps+, were up 90 percent during 2011. The largest attack this year measured 100.84 Gbps. Hackers seek out pain points for an organization, like maintaining availability, and look to exploit weaknesses in infrastructure and existing security defenses. From that perspective, DDoS is a great tool. There are three main categories of DDoS attack: Volumetric attacks These attacks attempt to consume the bandwidth either within the target network/service, or between the target network/service and the rest of the internet. These attacks are simply about causing congestion. Volumetric attacks first emerged in 2001 when Microsoft, eBay and Yahoo were taken offline by what back then was considered large attacks in the 300 Mbps range – a relatively low volume attack. With DDoS attacks now exceeding 100 Gbps, internet service providers are faced with new challenges of how to protect their networks and infrastructure. TCP state-exhaustion attacks These attacks attempt to consume the connection state tables that are present in many infrastructure components, such as load balancers, firewalls and the application servers themselves. Even high-capacity devices capable of maintaining state on millions of connections can be taken down by these attacks. Application layer attacks In 2010, there was a dramatic shift in DDoS, from primarily large volumetric attacks to smaller, harder-to-detect application-layer attacks that target some aspect of an application or service at Layer 7. These are the most sophisticated, stealthy attacks, as they can be very effective with as few as one attacking machine generating a low traffic rate (this makes these attacks very difficult to proactively detect and mitigate). ** Each of these attack types present unique challenges to network operators. The easiest attacks to mitigate are volumetric, which can be effectively mitigated by cloud-based managed security services. Attacks targeting existing infrastructure, and those that are “low-and-slow” targeting applications, are the most difficult to identify and mitigate. What makes DDoS such an effective weapon in recent years is the increasing complexity of attacks, the blending of attack types, targets and techniques. Take, for example, the recent attacks on financial institutions in the United States. These attacks used a combination of attack tools with vectors mixing application-layer attacks on HTTP, HTTPS and DNS with volumetric attack traffic on a variety of protocols including TCP, UDP, ICMP and others. The other unique characteristic of these attacks was the targeting of multiple companies in the same vertical at very high bandwidth. Compromised PHP web application servers were used as bots in the attacks. Additionally, many WordPress sites, often using the out-of-date TimThumb plug-in, were compromised around the same time. Joomla and other PHP-based applications were also leveraged. The attackers uploaded PHP WebShells to unmaintained servers and then used those shells to further deploy attack tools. The attackers connected to the tools either directly or through intermediate servers/proxies/scripts, and therefore the concept of command-and-control did not apply in the usual manner. This complex, rapidly evolving attack vector requires purpose-built tools, both on-premise and cloud-based, to provide comprehensive protection against both large attacks and those that target the application layer. And until we see pervasive deployment of best practices defenses, we can expect to see DDoS in the headlines for years to come. Winston Churchill offered some great advice that IT security professionals should keep top of mind as they adapt their defense to the threat landscape, “Success is not final, failure is not fatal: It is the courage to continue that counts.” Source: http://www.scmagazine.com/its-the-complexity-not-the-size-that-makes-ddos-effective/article/273775/

Visit link:
Details of the complexity of a Distributed Denial of Service (DDoS) Attacks

Wells Fargo Still Dealing with Distributed Denial of Service (DDoS) Attack

Hacktivists’ phase 2 distributed-denial-of-service attacks against U.S. banks appeared to subside Dec. 19. Only Wells Fargo reported online access issues, but the bank pointed out that outages were limited. A day earlier, the bank reported a more extensive DDoS hit. The hacktivist group Izz ad-Din al-Qassam Cyber Fighters Group on Dec. 18 posted an update on Pastebin , saying targeted banks could expect more distributed-denial-of-service attacks this week, resembling the magnitude of attacks waged against Bank of America, JPMorgan Chase, PNC Financial Services, U.S. Bancorp and SunTrust Bank a week earlier The group, however, did not name its targets in the Dec. 18 posting. But based on outage reports confirmed Dec. 18 and Dec. 19 by Wells Fargo, the bank apparently was one of those that Izz ad-Din al-Qassam has chosen to attack this time around. Wells Fargo spokeswoman Sara Hawkins said some bank customers may have experienced issues accessing their online accounts throughout the day Dec. 19. “We’re not seeing widespread impact, but we do recognize that some customers may have intermittent access to our website,” she said. On Dec. 18, however, Hawkins said the bank was seeing heavier than typical traffic. “We’re seeing an unusually high volume of traffic, which is creating slow or intermittent access to our website for some online customers,” she said. But none of the five banks named as targets in Izz ad-Din al-Qassam’s Dec. 11 announcement of the launch of a phase 2 DDoS campaign reported similar issues. Ten banks were targeted in the first campaign of DDoS attacks, which ran from mid-September until mid-October. Those banks included the five noted above as well as Wells Fargo, Regions Bank, HSBC Holdings, BB&T Corp. and Capital One. Among these, only Wells has reported additional outages allegedly linked to Phase 2. The others confirmed Dec. 19 that their sites remained unaffected. The hacktivist group claims it will continue its attacks on U.S. banks until a YouTube movie trailer, deemed to be offensive to Muslims, is removed. The Financial Services Information Sharing and Analysis Center on Dec. 12 issued an advisory , outlining precautions institutions should take as they prepare for more attacks. The FS-ISCAC notes that hacktivists’ warning that the second phase will be more severe should be heeded. For DDoS protection for your eCommerce site click here . Source: http://www.bankinfosecurity.com/wells-fargo-still-dealing-ddos-a-5370

Read this article:
Wells Fargo Still Dealing with Distributed Denial of Service (DDoS) Attack

To the Rescue: A Fully Managed Distributed Denial of Service (DDoS) Protection Solution

With its hosting DNA, DOSarrest understands the challenges of dealing with a distribute denial of service (DDoS) attack in a data center. We know, for example, that for every minute your website is reeling from a DDoS attack, thousands – or even hundreds of thousands-of dollars can be lost in the form of missed sales and credibility with your customers. In addition to lost revenue, you risk future losses due to the negative impact to your search engine optimization (SEO) ranking caused by a prolonged outage – a penalty from which it can take months to recover. To help avoid these problems, DOSarrest designed a cloud-based mitigation service that provides carrier-grade service and leaves your Web infrastructure intact. Because we created a multilayered defense system in each of its geo-distributed mitigation centers, we can handle the large Layer 2 and Layer 3 attacks all the way to the most sophisticated application layer incursions with relative ease. Expecting the Unexpected Given the relatively low barrier of entry for the committed attacker, a DDoS attack can be launched at anytime for a variety of reasons, unbeknownst to the victim. Because of this uncertainty, we had to design a mitigation service that could be implemented within minutes. By using a distributed architecture, we can provide both DDoS protection and added website performance for our customers. But this distribution presented some challenges we had to overcome. Given that we broadcast our customers’ content from several locations between Europe and North America, we needed to know how each location was performing. Ensuring Total Stability and Performance To solve this problem we developed – and are now in the process of rolling out – DOSarrest External Monitoring Service (DEMS) , a completely separate website monitoring service designed to ensure the highest degree of stability and performance for all the geographic regions from which we broadcast. Even some of the world’s largest content-delivery networks don’t supply this information to their customers. With DEMS , we can provide the first fully managed DDoS protection service, backed by a team of engineers on duty 24/7/365 in our Security Operations Center, which is capable of detecting and thwarting an oncoming attack before it has any effect. Our philosophy is to resolve issues that may arise on the first call or e-mail from our customers. There are no auto-replies here, as an experienced engineer responds to every inquiry, normally within 10 minutes. Jag Bains, CTO at DOSarrest Internet Security . To read more about the InformationWeek DDoS Special Report, download it here: http://www.informationweek.com/gogreen/121112fs

More here:
To the Rescue: A Fully Managed Distributed Denial of Service (DDoS) Protection Solution

4 Banks Respond to Distributed Denial of Service (DDoS) Threats

The day after Izz ad-Din al-Qassam Cyber Fighters announced plans to launch a second wave of distributed-denial-of-service attacks on five U.S. banks, SunTrust suffered intermittent outages and Bank of America and PNC said small numbers of their customers reported having trouble accessing their sites. But it remained unclear whether the problems were the result of an attack. U.S. Bank, which did not suffer any known outages or access issues, did, however, acknowledge that new attacks could be on the way. On Dec. 11, PNC used social media to warn consumers that site outages should be expected, but that account and online-banking credentials would remain secure. And one expert was advising banks to expect the worst, saying Izz ad-Din al-Qassam Cyber Fighters’ second wave of attacks would likely be more fierce than the first. The online-monitoring site websitedown.com reported that about noon ET on Dec. 11, SunTrust Banks website suffered intermittent outages. But SunTrust executives declined to comment on the nature of the outages. BofA spokesman Mark Pipitone said that while BofA’s site suffered no overall outages, an isolated number of online-banking users reported problems accessing the site. “We’re aware of the reports of possible cyberattacks, and we’re monitoring our systems, which are fully operational,” Pipitone said in the early evening of Dec. 11. PNC spokeswoman Amy Vargo said some PNC customers may have experienced intermittent difficulty logging in on their first attempts. “We are aware of the situation and working to restore full access,” she said during the early evening of Dec. 11. “We are focused on minimizing disruption to our customers and will review the cause of this incident once full access is restored.” And U.S. Bank spokesman Tom Joyce told the Minneapolis/St. Paul Business Journal that the bank is “taking all necessary steps” to prepare for more attacks. “It’s important to note that these denial-of-service attacks are designed to slow down banks’ websites and create a nuisance for consumers,” Joyce said. “Customers can be assured that their data and funds are secure.” The hacktivist group Izz ad-Din al-Qassam Cyber Fighters named SunTrust, U.S. Bancorp, JPMorgan Chase, Bank of America and PNC Financial Services Group as targets for its next wave of DDoS attacks. The group, in a Dec. 10 post on Pastebin , announced plans for what it portrays as “Phase 2 Operation Ababil” – a second campaign of attacks waged against leading U.S. banks to protest a YouTube movie trailer deemed offensive to Muslims. All five banks were targets – along with Wells Fargo, Capital One, Regions Bank, BB&T and HSBC – during the first wave of DDoS attacks , which ran from mid-September to mid-October. During that period, each bank’s website suffered intermittent outages of varying degrees. CapOne was the only institution targeted twice in the first wave (see CapOne Takes Second DDoS Hit ). PNC’s Communications Stand Out On Dec. 11, three of the five newly targeted banks were remaining quiet, declining to comment about the threat and steps they were taking, if any, to communicate with consumers about the expectation of more attacks. BofA acknowledged isolated reports from consumers who suffered difficulty logging in. PNC, the only bank to publicly outline details surrounding the DDoS attack it suffered in the first wave, however, immediately took steps to notify the public of the possibility for a second attack. Through Dec. 11 posts on the social-networking sites Facebook and Twitter , PNC forewarned online-banking customers that outages should be expected. “This potential threat could result in high volume of electronic traffic that may make it difficult for our customers to log onto online banking,” the bank stated on its Facebook page and website . “Please be assured that PNC’s website is protected by sophisticated encryption strategies that shield customer information and accounts. We have no information regarding timing, duration or intensity of this potential threat. Please continue to follow our page for additional updates.” Fiercer Attacks Ahead? Why these five banks have been targeted for a second attack is not clear. But John Walker , an independent security professional in London and member of the European Network and Information Security Agency’s security experts team, says banks should expect the new attacks to be more fierce than the first, as the hacktivists promised in their Dec. 10 post. “By showing the game can be taken to ever-increasing levels starts to focus the mind of the victim organizations as to their frailty,” Walker says. “They [the hacktivists] are, I believe, demonstrating their power.” Walker says banks learned valuable lessons during the first wave, which will provide them with tools to better prepare this time around. But they should not be overly confident in their abilities to stave off outages. “This style of attack has not even matured yet, and there is more to come,” he says. “The time has arrived for … more techno-savvy security – and more honesty in the boardroom – as to real-time security exposure before the event, not just after it has impacted the business.” Source: http://www.bankinfosecurity.com/webinars/new-wave-ddos-attacks-how-to-prepare-respond-w-308

Continue reading here:
4 Banks Respond to Distributed Denial of Service (DDoS) Threats