Cyberattacks on banking websites subside -- for now
Prolexic, which says it protects the top financial institutions, says the attackers have done their homework
IDG News Service - The wave of cyberattacks against a half-dozen U.S. financial institutions has subsided this week, but the recent demonstration of force shows a careful honing of destructive techniques that could continue to cause headaches.
The attacks against Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking.
But customer-facing websites are just a small part of very complicated banking systems consisting of sometimes thousands of back-end applications that are being prodded by attackers, said Scott Hammack, CEO of Prolexic, a company based in Hollywood, Florida, which specializes in defending against distributed denial-of-service (DDOS) attacks.
The attackers "have absolutely done their homework on these large companies," Hammack said. "They've found many, many weak spots, and their attacks are very focused on those weak links."
Prolexic is in a unique position to observe the attacks. The financial institutions victimized by the attacks last week are its customers, although confidentiality agreements with the banks prevent Prolexic from directly naming the companies, said Prolexic's president, Stuart Scholly.
The attacks have consumed up to 70Gbps of bandwidth, well beyond the 1Gbps to 10Gbps circuits that large companies tend to rent, Scholly said.
"There are very few companies that can afford to buy that kind of bandwidth," Scholly said.
Within a few minutes of the start of an attack, DNS (Domain Name System) record changes or BGP (Border Gateway Protocol) route announcements are used to divert the customer's traffic through Prolexic's data centers in London; Hong Kong; San Jose, California; and Ashburn, Virginia. Attack traffic is scrubbed there, while legitimate traffic is passed along to the customer. (DNS-based diversion takes effect only as cached records expire, so it depends on the records already carrying short TTLs; a BGP diversion moves the whole announced prefix at once.)
As last week's problems showed, that does not mean a site's troubles are cured immediately in every case. The attackers are using between six and eight different attack types, launched from small armies of compromised computers. Those botnets are often located in the U.S. and China, countries with large numbers of computers lacking up-to-date patches, which leaves the machines open to compromise and to the installation of DDOS toolkits.
Prolexic called out one of those toolkits, called "itsoknoproblembro," in a recent statement, but declined to say if that toolkit was used in last week's attacks.
The attackers are taking steps to make each computer within those botnets look different. Prolexic tries to identify an attacking computer by its "signature," the set of characteristics that makes its traffic look unique. But when those characteristics vary over time, a static signature stops matching and the attack becomes harder to block.
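The point above, as an added example rather than anything from Prolexic or the article: a toy request log (constructed data, not real bank traffic) containing one legitimate customer, a bot whose nodes all send an identical request, and a bot that rotates its User-Agent and header order on every request. A rule keyed on the dominant signature catches only the first bot; a per-source rate check, which does not depend on the request looking the same each time, catches both. The field names, thresholds and sample values are assumptions chosen for illustration.

```python
"""Signature-based vs. rate-based identification of DDoS bot sources.

Added example; constructed sample data, not vendor code or real traffic.
"""
import itertools
from collections import Counter

UAS = ["Mozilla/5.0 (Windows NT 6.1)", "Mozilla/5.0 (X11; Linux)", "Opera/9.80"]
ORDERS = ["Host,User-Agent,Accept", "User-Agent,Host,Accept", "Accept,Host,User-Agent"]


def make_requests():
    """Build the constructed request log (assumed fields: src, ua, order, path)."""
    recs = []
    # Legitimate customer: two ordinary page views from one address.
    for path in ("/login", "/accounts"):
        recs.append({"src": "203.0.113.10", "ua": UAS[0], "order": ORDERS[0], "path": path})
    # Naive bot: every node replays the same fixed request 20 times.
    for src in ("198.51.100.1", "198.51.100.2", "198.51.100.3"):
        for _ in range(20):
            recs.append({"src": src, "ua": "DDoSKit/1.0", "order": ORDERS[1], "path": "/login"})
    # Morphing bot: same volume, but UA and header order change on every request.
    combos = itertools.cycle(itertools.product(UAS, ORDERS))
    for src in ("192.0.2.1", "192.0.2.2", "192.0.2.3"):
        for _ in range(20):
            ua, order = next(combos)
            recs.append({"src": src, "ua": ua, "order": order, "path": "/login"})
    return recs


def signature(rec):
    """The tuple of characteristics a static rule would key on."""
    return (rec["ua"], rec["order"], rec["path"])


def dominant_signature(records):
    """Most frequent signature in the window: what an analyst would block first."""
    return Counter(signature(r) for r in records).most_common(1)[0][0]


def sources_matching(records, sig):
    """Sources blocked by a static signature rule."""
    return sorted({r["src"] for r in records if signature(r) == sig})


def sources_over_rate(records, threshold):
    """Sources blocked by a per-source request-count rule (signature-independent)."""
    counts = Counter(r["src"] for r in records)
    return sorted(src for src, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    recs = make_requests()
    sig = dominant_signature(recs)
    print("dominant signature:", sig)
    print("blocked by signature:", sources_matching(recs, sig))
    print("blocked by rate >= 10:", sources_over_rate(recs, 10))
```

The morphing bot's nine rotating signatures each appear only a handful of times, so none of them stands out, and one of them is identical to the legitimate customer's browser, so blocking on it would also hit real users. The rate rule has its own blind spots (low-and-slow attacks, many users behind one NAT address), which is why defenders combine several such checks rather than relying on one.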
The vast range of IP addresses used by banks also makes defense more difficult. Attackers try different techniques against many applications and ports, measuring latency, or how long the bank's systems take to respond, to find the targets that buckle most easily.
"It's not like protecting mom and pop's ABC hardware store with a single IP [address] and a couple of ports," Hammack said.
Prolexic executives won't speculate on the motivation for the attacks or what group may be responsible, but Hammack said he is "frustrated when people say this is a dumb attack by some kid in an apartment in Brooklyn."