
09:02 PM
Avi Rembaum and Daniel Wiley, Check Point Software Technologies

4 Things Banks Need To Know About DDoS Attacks

To cope with an increased number of large distributed denial of service attacks, banks must not only have plans in place -- they should consider a broad set of defensive tools that combine on-premise technologies and cloud-based scrubbing services.

Financial institutions have been battling waves of large distributed denial of service (DDoS) attacks since early last year. Many of these attacks have been the work of a group called the Qassam Cyber Fighters (QCF), who until recently posted weekly updates on Pastebin reminding readers of the reasons for their efforts and summarizing Operation Ababil, their DDoS campaign.

Other hacktivist groups have launched their own DDoS attacks and targeted financial services institutions with focused attacks on web forms and content. There have also been reports of nation-state-organized cyber assaults on banks and government agencies, along with complex, multi-vector efforts that have combined DDoS attacks with online account tampering and even fraud.


Over the past year and a half, hacking activity has consistently increased in intensity and evolved regularly. The recent incidents against banks of all sizes have shown that there are many kinds of DDoS attacks. These have included traditional SYN and DNS floods, as well as DNS amplification, application-layer and content-targeted methods. Denial of Service (DoS) activities that have targeted SSL-encrypted web page resources and content are an additional challenge. In some instances, the adversaries have moved to a blended form of attack that incorporates harder-to-stop application-layer methods alongside “cheap,” high-volume attacks that can be filtered and blocked through simpler means.

To cope with this level of malicious activity, CIOs, CISOs, and their teams need to have a plan in place and consider a broad set of defensive tools that combine on-premise technologies and cloud-based scrubbing services. They must also begin to explore and ultimately implement intelligence gathering and distribution methodologies that help lead to a comprehensive DoS mitigation strategy.

1. Have a scrubbing service or similar cleaning provider to handle large volumetric attacks. The volumes associated with DDoS activity have reached a level where 80 Gbps of DDoS traffic is a normal event. There are even reports of attacks in the range of 300 Gbps. Few, if any, organizations can maintain sufficient bandwidth to cope with attacks of this size. And, when faced with DDoS incidents this large, the first thing an organization needs to consider is the option to route its Internet traffic through a dedicated cloud-based scrubbing provider that can remove malicious packets from the stream. These providers are the first line of defense for large volumetric attacks as they have the necessary tools and bandwidth to clean network traffic so that DDoS packets are stopped in the cloud and regular business as usual (BAU) traffic is allowed through.

2. Have a dedicated DDoS mitigation appliance to identify, isolate, and remediate attacks. The complexity of DDoS attacks and the tendency to combine volumetric and application methods require a combination of mitigation methods. The most effective way to cope with the application and “low and slow” elements of these multi-vector attacks is to leverage on-premise dedicated appliances. Firewalls and intrusion-prevention systems are critical to the mitigation effort, and DDoS security devices provide an additional layer of defense through specialized technologies that identify and block advanced DDoS activity in real time. Administrators can also configure their on-premise solutions to communicate with cloud scrubbing service providers to enable automated route-away during an attack.
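An added example, not from the original article or from any vendor's product: a sketch of the decision logic behind the automated route-away described in point 2. The thresholds, names and sample readings are assumptions constructed for illustration; it shows that diversion should require sustained saturation, and that the return decision must use the volume the scrubbing provider reports, because the local link looks quiet once traffic is diverted.

```python
from dataclasses import dataclass

@dataclass
class DivertPolicy:
    link_capacity_bps: float    # assumed size of the bank's own Internet link
    divert_ratio: float = 0.8   # assumed: divert at >= 80% link utilization
    restore_ratio: float = 0.3  # assumed: return when pre-scrub volume <= 30%
    divert_after: int = 3       # consecutive high samples required to divert
    restore_after: int = 3      # consecutive low samples required to return

def plan_route_changes(samples, policy):
    """samples: list of (edge_bps, scrubber_bps) readings, one per interval.
    edge_bps is inbound volume measured on-premise; scrubber_bps is the
    pre-scrub volume the cloud provider reports (0 while not diverted).
    Returns [(sample_index, "divert" | "restore"), ...]."""
    events, diverted, streak = [], False, 0
    for i, (edge_bps, scrubber_bps) in enumerate(samples):
        if not diverted:
            # Before diversion the attack is visible on the local link.
            high = edge_bps / policy.link_capacity_bps >= policy.divert_ratio
            streak = streak + 1 if high else 0
            if streak >= policy.divert_after:
                diverted, streak = True, 0
                events.append((i, "divert"))
        else:
            # After diversion the local link only carries cleaned traffic,
            # so the return decision has to use the provider's numbers.
            low = scrubber_bps / policy.link_capacity_bps <= policy.restore_ratio
            streak = streak + 1 if low else 0
            if streak >= policy.restore_after:
                diverted, streak = False, 0
                events.append((i, "restore"))
    return events

G = 1e9  # 1 Gbps
# Constructed readings for a 10 Gbps link; not real measurements.
SAMPLES = [
    (2*G, 0), (9*G, 0), (3*G, 0),            # single spike: no action
    (8.5*G, 0), (9.5*G, 0), (9.9*G, 0),      # sustained saturation: divert
    (2*G, 80*G), (2*G, 80*G), (2*G, 2.5*G),  # attack continues upstream
    (2*G, 60*G),                             # attack resumes: stay diverted
    (2*G, 2*G), (2*G, 2*G), (2*G, 2*G),      # sustained calm: restore
]

if __name__ == "__main__":
    print(plan_route_changes(SAMPLES, DivertPolicy(link_capacity_bps=10*G)))
```

Requiring several consecutive readings in each direction keeps a brief spike or a short lull from flapping the route between the direct path and the scrubbing provider.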
