The Green Sheet Online Edition
August 26, 2013 • Issue 13:08:02
Vacation over, hacktivists return
A group that has dubbed itself the al-Qassam Cyber Fighters boasted in late July that it had begun "phase four" of its distributed denial-of-service (DDoS) attacks against U.S. banks. The hacktivist group had not attacked American banks since early May 2013.
The attacks are retaliation for the continued availability on YouTube of a video clip the group has deemed offensive to Islam.
In a July 23 Internet post, the group stated it plans to disrupt the service of American banks until all clips of the film are removed from YouTube. "Planning in the new phase will be a bit different and you'll feel this in the coming days," the post stated. For more details, see http://pastebin.com/22WJ6m9U.
JPMorgan Chase & Co., U.S. Bancorp, and Regions Financial Corp. reportedly have all had intermittent issues since July 24. A DDoS attack on July 27 was aimed at Regions, which stated on its website that customers may have had difficulty using their debit cards.
The DDoS was a large-scale attack and had the potential to affect many customers. However, the issue lasted only two hours. "Attacks like this have not been uncommon this year for us or, frankly, for any other major banks," Regions Bank spokesman Mel Campbell told thetowntalk.com.
The outage at Chase on July 24 was heavy in the early morning, stopped in the late morning and ramped up again in the afternoon, said a DDoS expert who asked to remain anonymous. The outages at Regions Bank followed the same pattern.
Growing bigger and shorter
According to Arbor Networks Inc., at the end of 2012 the average size of DDoS attacks was around 1.77 gigabits per second (Gbps), reflecting 19 percent growth over comparable attacks in 2011.
Following are a few recent statistics from Arbor regarding DDoS attacks:
- The average bit-per-second size of attacks has jumped 43 percent this year; 46.5 percent of attacks are now over 1 Gbps, a jump of 13.5 percent from 2012.
- The proportion of attacks ranging from 2 Gbps to 10 Gbps has doubled, from 14.78 percent to 29.8 percent.
- The proportion of attacks now over 10 Gbps has increased 41.6 percent year to date.
- In the first half of 2013, the total number of attacks over 20 Gbps was double the total for all of 2012.
Arbor also found that attacks are shorter, with most lasting less than one hour. Packet-per-second attack sizes have diminished, reversing the strong growth seen from late 2011 through 2012.
"The increasing volume of highly visible attacks - including a mix of politically motivated attacks, state-sponsored electronic warfare, social activism, organized crime, and good old-fashioned pointless mischief and mayhem - is being driven by the easy availability of bots/botnets for hire and easily distributed crowd-sourced attack tools," stated Jeff Wilson, Principal Network Security Analyst with Infonetics Research, in Arbor's announcement.
How can you fight DDoS?
You can't prevent an attack; it is out of your control; everyone is vulnerable. DDoS attacks are cheap to launch and expensive and tough to battle. Yet, enterprise-level companies can mitigate the risk.
DDoS prevention systems route traffic through links with more bandwidth, but they won't protect against everything. Addressing and securing bottlenecks inside a corporate network will help.
Also, be aware of application-layer attacks. Unfortunately, this type can be hard to track. Keep potential DDoS attacks such as User Datagram Protocol (UDP) flooding and Transmission Control Protocol (TCP) SYN (synchronization packet) floods in check.
These floods typically use spoofed source addresses rather than the real Internet Protocol addresses of real machines that run complete application transactions.
Another option is to use third-party services, such as those provided by Akamai Technologies Inc., VeriSign Inc. and CloudFlare Inc. for DDoS protection. Even cloud-based protection is now available.
Nicholas Cucci is the Director of Marketing for Network Merchants Inc., a graduate of Benedictine University and a licensed Certified Fraud Examiner. Cucci is also a member of the Advisory Board and Anti-Fraud Technology Committee for the Association of Certified Fraud Examiners, as well as a member of the Electronic Transactions Association's Risk, Fraud and Security Committee. NMI builds e-commerce payment gateways for companies that want to process transactions online in real time anywhere in the world. Contact him at email@example.com.