Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

E-Biz sites hit with targeted attacks, extortion threats

Attackers may be shifting their strategy and aiming at specific companies

September 24, 2004 12:00 PM ET

Computerworld - A distributed denial-of-service attack that disrupted Web-based systems at credit card payment-processing firm Authorize.Net Corp. earlier this week is indicative of a sharp increase in the number of cyberattacks being aimed at specific companies and driven by profit motives on the part of the hackers who launch them (see story).
The DDoS attack against Authorize.Net coincided with the release of a report by IT security software vendor Symantec Corp., which said its analysis of network attacks in the first six months of this year shows that malicious hackers appear to be moving away from mass attacks to more focused ones aimed at e-commerce sites.
Other security vendors and analysts painted a similar picture.
"We're seeing a big escalation of attacks targeted at e-commerce companies," said Tom Corn, a vice president at Mazu Networks Inc., a Cambridge, Mass.-based vendor of DDoS-mitigation technologies. Many of the attacks involve attempts to extort money from the targeted companies, he said.
The plight of Bellevue, Wash.-based Authorize.Net was a perfect example. The company, which provides payment-processing services to more than 100,000 mainly small to midsize online businesses, was the target of intermittent but "large-scale" DDoS attacks that began on Sept. 15, said Authorize.Net's marketing director, David Schwartz. The attacks resulted in periods of "brief disruptions" for Authorize.Net's customers, said Schwartz.
The attacks were launched a few days after company officials refused to give in to an extortionist's demand for "a substantial amount of money," Schwartz said. "It was something that was sent to our general mailbox," he said, adding that the FBI and other law enforcement authorities are investigating the incident.
This isn't the first time Authorize.Net has been targeted by cyberattackers, but the scope is bigger. "We have been attacked in the past, but not on this scale and with such tenacity," Schwartz said.
Jonah Paransky, a senior manager at Cupertino, Calif.-based Symantec, said 16% of the attacks against e-commerce sites that the company analyzed were targeted. In the same period last year, just 4% of the attacks on e-commerce sites were thought to be aimed at specific sites. The increase suggests "that attackers are turning to where the money is," Paransky said.
A jump in the number of remotely controlled "bot networks" used to launch such attacks is also increasing the seriousness of the threat, Paransky added. Between January and June, the number of bot networks monitored by Symantec rose from fewer than 2,000 to more than 30,000, he said. Malicious hackers also have been getting faster at exploiting new vulnerabilities.
In addition,



Jump to comments

Cybercrime/Hacking

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

White Papers & Webcasts

Gene Kim's Practical Steps to Achieve and Maintain NERC Compliance
Learn seven steps operators can take to meet IT configuration requirements set forth in the NERC-CIP standards.  

The Workday User Experience Video
Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday.

Business Process Framework Demo
Learn about Configurable Business Processes and Calculated Fields. Watch Now!

Manager Experience Demo
Go beyond self-service solutions to perform more effectively. Watch Now.


IT Jobs