E-biz Sites Hit With Targeted Attacks, Extortion Threats

Hackers are shifting strategy, taking aim at specific companies

A distributed denial-of-service attack that disrupted Web-based systems at credit card payment processing firm Authorize.Net Corp. last week is indicative of a sharp increase in the number of cyberattacks being targeted at specific companies and driven by profit motives.

The DDoS attack against Authorize.Net coincided with the release of a report by IT security software vendor Symantec Corp., which said its analysis of network attacks in the first six months of this year shows that malicious hackers appear to be moving away from mass attacks to more focused ones aimed at e-commerce sites.

Other security vendors and analysts painted a similar picture.

"We're seeing a big escalation of attacks targeted at e-commerce companies," said Tom Corn, a vice president at Mazu Networks Inc., a Cambridge, Mass.-based vendor of DDoS mitigation technologies. Many of the attacks involve attempts to extort money from the targeted companies, Corn added.

The plight of Bellevue, Wash.-based Authorize.Net is a perfect example. The company, which provides payment processing services to more than 100,000 mainly small to midsize online businesses, was the target of intermittent but "large-scale" DDoS attacks that began on Sept. 15, said David Schwartz, the company's marketing director. The attacks resulted in periods of "brief disruptions" for Authorize.Net's customers, said Schwartz.

The DDoS assault was launched a few days after company officials refused to give in to an extortionist's demand for "a substantial amount of money," Schwartz said. "It was something that was sent to our general mailbox," he said, adding that the FBI and other law enforcement authorities are investigating the incident.

This isn't the first time Authorize.Net has found itself targeted by cyberattackers, but the scope was bigger this time. "We have been attacked in the past, but not on this scale and with such tenacity," Schwartz said.

Following the Money

Jonah Paransky, a senior manager at Cupertino, Calif.-based Symantec, said 16% of the attacks against e-commerce sites that the company analyzed were identified as targeted. In the same period last year, only 4% of the attacks on e-commerce sites were thought to be aimed at specific sites. The increase suggests "that attackers are turning to where the money is," Paransky said.

A jump in the number of remotely controlled "bot networks" that are used to launch such attacks is also increasing the seriousness of the threat, Paransky added. Between January and June, the number of bot networks monitored by Symantec rose from well under 2,000 to more than 30,000, he said. Malicious hackers have also been getting faster at exploiting new vulnerabilities.

In addition, the attackers are becoming more sophisticated, Corn said. Increasingly, DDoS attacks are being "dynamically monitored" by their creators and modified on the fly in an effort to get around corporate defenses, he noted.

The combination is creating havoc for IT managers, said Jon Duren, chief technology officer at IdleAire Technologies Corp., a Knoxville, Tenn.-based provider of electrification services at truck stops.

Despite his company's best efforts, its networks keep getting infected with worms, viruses, adware and spyware "that render machines useless," Duren said. Too much time is spent fighting a battle "where the enemy grows increasingly intelligent," he said.

Contributing to the problem is that tool kits for developing and launching attacks are increasingly readily available on the Internet, said David Giambruno, director of strategic infrastructure and security at Pitney Bowes Inc., a $4.5 billion mail and document management firm in Stamford, Conn. The way such tools simplify the process of launching attacks "scares me to death," he said.

Extortion schemes that use attacks like the one against Authorize.Net are becoming more common, with banks among the typical targets, said John Pescatore, an analyst at Gartner Inc. "They are definitely targeted, ransom-type attacks, and there's going to be a lot more of them," he said.

Key Findings
Symantec’s Internet Security Threat Report included the following findings for the period between Jan. 1 and June 30:

It took an average of 5.8 days for a newly announced vulnerability to be exploited.

48 new vulnerabilities were announced per week.

E-commerce sites received the most targeted attacks.

Worms compromised 40% of the Fortune 100 companies.

Copyright © 2004 IDG Communications, Inc.

Shop Tech Products at Amazon