June 9, 2013 By Lynn Price 3 min read

DDoS attacks as a viable weapon

There was a hush throughout the country. The dazed Estonian citizenry looked on as their daily routines were disrupted at seemingly every juncture. What later became known as the Bronze Night, a dispute between Russia's legislature and Estonia, had moved into cyberspace. Estonia was one of the most wired nations in the world, well ahead of the United States, and Internet applications had become part of everyday life.

During the attack, Estonians could not use their online banking, read newspapers, or access government services. Everyday routines were abruptly halted across the country. Public and private business functions were brought to a standstill. Estonia had been hit with the largest DDoS attack in history to date. The year was 2007.

Flash forward to today and consider the DDoS attacks on the banking system and their impact. As in Estonia, Internet applications have become a mainstream way of life and are vulnerable to disruption. The impact of the current wave of DDoS attacks is nowhere close to that in Estonia. Although there were temporary availability issues with service, it was more of a wake-up call to the sector.

DDoS has been used as a political tool at least since 2007. It should not have been a surprise that this type of attack continues to be exploited by adversaries. DDoS is still a viable weapon for nation-states, hacktivists, fraudsters, and gangsters. The cyber world is full of anonymous arsonists, and too many firms are still without adequate fire protection. The old fire hoses are not enough to quell the wall of flames.

Old Solutions Are Not Enough

Traditional firewalls and intrusion-prevention systems are not enough when it comes to volumetric surges on the order of 10 Gbps. Attacks are not only increasing in volume but are using a hybrid construct as well. The attacks that hit firms in September and October could overwhelm the network connection and the applications at the same time.

A recent study, conducted by the Ponemon Institute and sponsored by Radware, surveyed 705 IT security professionals about downtime and DDoS. It revealed that most organizations have insufficient protection. Given that nearly two-thirds of companies have experienced at least three denial-of-service attacks in the past year, DDoS protection should be a priority on everyone's business plan.


"Those who do not learn from the past are doomed to repeat it." How often have we heard this saying, yet, as the current DDoS attacks make evident, we have failed to pay it heed. Is it that we are so distracted by the "here and now" that we fail to see a connection with the past? Or is it that many financial firms thought they had defenses in place to defeat such attacks, but had problems with the 20 Gbps barrage?

In any case, it is past time to take action: anticipate upcoming threats, analyze risk posture and implement predictive solutions.

Determine the Risk Level

The most important preliminary task is to determine the risk level. Accurate risk scoring is well worth the time and effort. A blended approach that combines risk-scoring measurements yields an insightful view of the organization's risk posture. One recommended approach is to combine the MIDAS Threat Classification System with the NIST CVSSv2 Scoring System.
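As an added illustration of the CVSSv2 half of that blended approach (example code written for this page, not part of the original post or of either scoring system's own tooling), the calculator below implements the CVSSv2 base equation and scores a few constructed vectors, including the availability-only vector typical of a denial-of-service exposure; the MIDAS side is not modelled, and the Low/Medium/High bands are the NVD's mapping for CVSSv2 scores.

```python
"""CVSSv2 base-score calculator (added example, not from the original post)."""
import re

# Metric weights from the CVSS v2 base equation.
ACCESS_VECTOR = {"L": 0.395, "A": 0.646, "N": 1.0}
ACCESS_COMPLEXITY = {"H": 0.35, "M": 0.61, "L": 0.71}
AUTHENTICATION = {"M": 0.45, "S": 0.56, "N": 0.704}
IMPACT = {"N": 0.0, "P": 0.275, "C": 0.660}

_VECTOR_RE = re.compile(
    r"^AV:([LAN])/AC:([HML])/Au:([MSN])/C:([NPC])/I:([NPC])/A:([NPC])$"
)


def cvss2_base_score(vector: str) -> float:
    """Return the CVSSv2 base score (0.0 to 10.0) for a base vector string."""
    match = _VECTOR_RE.match(vector)
    if not match:
        raise ValueError(f"not a CVSSv2 base vector: {vector!r}")
    av, ac, au, c, i, a = match.groups()

    impact = 10.41 * (1 - (1 - IMPACT[c]) * (1 - IMPACT[i]) * (1 - IMPACT[a]))
    if impact == 0:
        # f(Impact) = 0: a vector with no C/I/A impact scores zero.
        return 0.0
    exploitability = 20 * ACCESS_VECTOR[av] * ACCESS_COMPLEXITY[ac] * AUTHENTICATION[au]
    # f(Impact) = 1.176 whenever there is any impact.
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * 1.176, 1)


def severity(score: float) -> str:
    """NVD severity band for a CVSSv2 base score."""
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


# Constructed sample vectors: a remote, unauthenticated, availability-only
# exposure (the shape of a DDoS risk) alongside familiar reference points.
SAMPLE_VECTORS = {
    "availability-complete": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
    "availability-partial": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "partial-everywhere": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
    "no-impact": "AV:N/AC:L/Au:N/C:N/I:N/A:N",
}

if __name__ == "__main__":
    for name, vec in SAMPLE_VECTORS.items():
        s = cvss2_base_score(vec)
        print(f"{name:22s} {vec}  base={s:4.1f}  {severity(s)}")
```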

After evaluating the risk, technical solutions should be analyzed for cost benefit. DDoS solutions cover the gamut, with most firms opting to work through their telecommunication providers for capacity options. Firms often choose telco solutions because they are effective, but they can be costly. There are many architectural solutions and alternatives for off-loading bandwidth that should be considered within the context of the environment. There are also a number of vendor solutions with a full range of capabilities, from third parties cleansing network traffic to in-house adaptive blacklisting.

A solution worth considering is to proactively secure a mitigation service.  It can be a good insurance policy; in fact, it’s better than insurance, which pays off only after damage is done. That’s because mitigation services are designed to prevent destruction from occurring in the first place. Not only can a mitigation service act as a deterrent, many attackers will move on to easier prey when they see an initial DDoS attack fail.

Hopefully this year will be a resounding demonstration of lessons learned from last year's DDoS thrashing. Forward-thinking financial institutions have gone back to the drawing board, studied the threat, determined the most strategic, cost-beneficial solution for their business, and implemented it in time for the next attempts to bring them to their knees.
