Some of the recent DDoS attacks have
targeted banks and financial
institutions in an effort to cover up
attempted security breaches and
fraudulent transactions. The
Department of Justice, the FBI, and the
Copyright Office have all experienced
disruptions in service by denial of
service attacks in the past – meaning
distributed denial of service attacks are
a serious problem.
Financial institutions and government
agencies are paying a close eye to the
development of recent DDoS attacks.
Cyber criminals and "hacktivists" are
increasing the strength of attacks and
using them as distractions to further
other crimes, like consumer fraud and
fraudulent ACH transactions. Earlier
this week, the Office of the Comptroller
of the Currency (OCC) issued a warning
to banks and financial institutions to be
on alert for upcoming attacks. There
has been a lot of coverage in the news
lately regarding Izz ad-Din al-Qassam
Cyber Fighters, who have claimed
responsibility for the recent attacks on
JPMorgan Chase Bank, Bank of
America, and US Bancorp, among
others.
Banks are not the only businesses
targeted by denial of service attacks –
nearly every industry or niche has been
targeted at one point. Sites particularly
vulnerable are government and
political websites, large retailers,
online gaming sites, and high profile
websites. The list doesn't stop there.
Many websites are attacked for no
apparent reason – often times simply
for disruption or unwarranted
retaliation. Some webmasters have
even been suspicious that competitors
use DDoS attacks as a way to damage
brand reputation and trust.
Efforts are now underway to create
more dialogue between financial
institutions themselves. The purpose is
to speed up the flow of communication,
so early warnings can be sent to out to
other banks to raise awareness and
preparedness. Denial of service attacks
come in many varieties, but they
essentially come in two forms: single-
origin and botnet. Each form of attack
has the ability to take a site offline, but
botnets are especially difficult to
combat because of the sheer scale of
the attack.
Distributed denial of service, or DDoS,
happens when a hacker, or hacker
group, sends a huge volume of traffic to
a target machine or website. Servers
have a finite amount of resources.
Scalable hosting is possible, but true
unlimited hosting is a myth. All
hardware has limitations. Hackers
capitalize on this knowledge by
ratcheting up traffic volume to the
point that the server cannot respond to
legitimate information requests from
real people attempting to access the
site. The tell-tale signs – a website that
is low to load or won't respond at all.
You may have experienced this at one
point trying to log into your online
banking account this month. When the
volume of malicious traffic eats up the
resources of the server it shuts down,
along with all of the websites currently
occupying that machine.
DDoS mitigation helps offset or
eliminate the affects of the attack.
DDoS mitigation can be an involved
process, requiring specialized
hardware, software, and of course – the
knowledge to combat the problem.
Often times, banks (and other
businesses needing DDoS protection
during an attack) will enlist a third-
party provider to mitigate the traffic
through proxy filtering. All traffic is
routed to the anti-ddos provider, bad
traffic is filtered out, and good traffic is
routed back to its original destination.
Any business prone to attack,
government agency, or financial
institution is considered "high risk
hosting" – meaning they require special
attention because they tend to deal
with repeated attempts bent on
compromising their network.
Since sensitive information is shared
and stored in financial computer
systems, the need for protection is
most important. Cybercriminal activity
trends show that sometimes even
rudimentary techniques can affect large
government and banking websites.
Small attacks still have the power to
stop valuable email communications
from being sent. Stopping
communication increases risk and
affects proper mitigation. Cyber pirates
use social media to coordinate,
organize, plan, and launch these
attacks. Having recovery plans in place
and alternate communication channels
open is vital to DDoS mitigation.
These attacks are constantly evolving,
which means a focus on mitigation and
awareness needs to be a part of every
business' risk management and
recovery plan. It's often best to
strategically partner with a DDoS
protection company in advance, so
you'll be prepared to handle a denial of
service attack quickly and with as little
interruption as possible.
About the author
OYEDELE Josiah is the founder and CEO of
Josidelhosting.com - a web hosting company
specializing in DDoS protected hosting
and DDoS mitigation services for
businesses and government websites.
targeted banks and financial
institutions in an effort to cover up
attempted security breaches and
fraudulent transactions. The
Department of Justice, the FBI, and the
Copyright Office have all experienced
disruptions in service by denial of
service attacks in the past – meaning
distributed denial of service attacks are
a serious problem.
Financial institutions and government
agencies are paying a close eye to the
development of recent DDoS attacks.
Cyber criminals and "hacktivists" are
increasing the strength of attacks and
using them as distractions to further
other crimes, like consumer fraud and
fraudulent ACH transactions. Earlier
this week, the Office of the Comptroller
of the Currency (OCC) issued a warning
to banks and financial institutions to be
on alert for upcoming attacks. There
has been a lot of coverage in the news
lately regarding Izz ad-Din al-Qassam
Cyber Fighters, who have claimed
responsibility for the recent attacks on
JPMorgan Chase Bank, Bank of
America, and US Bancorp, among
others.
Banks are not the only businesses
targeted by denial of service attacks –
nearly every industry or niche has been
targeted at one point. Sites particularly
vulnerable are government and
political websites, large retailers,
online gaming sites, and high profile
websites. The list doesn't stop there.
Many websites are attacked for no
apparent reason – often times simply
for disruption or unwarranted
retaliation. Some webmasters have
even been suspicious that competitors
use DDoS attacks as a way to damage
brand reputation and trust.
Efforts are now underway to create
more dialogue between financial
institutions themselves. The purpose is
to speed up the flow of communication,
so early warnings can be sent to out to
other banks to raise awareness and
preparedness. Denial of service attacks
come in many varieties, but they
essentially come in two forms: single-
origin and botnet. Each form of attack
has the ability to take a site offline, but
botnets are especially difficult to
combat because of the sheer scale of
the attack.
Distributed denial of service, or DDoS,
happens when a hacker, or hacker
group, sends a huge volume of traffic to
a target machine or website. Servers
have a finite amount of resources.
Scalable hosting is possible, but true
unlimited hosting is a myth. All
hardware has limitations. Hackers
capitalize on this knowledge by
ratcheting up traffic volume to the
point that the server cannot respond to
legitimate information requests from
real people attempting to access the
site. The tell-tale signs – a website that
is low to load or won't respond at all.
You may have experienced this at one
point trying to log into your online
banking account this month. When the
volume of malicious traffic eats up the
resources of the server it shuts down,
along with all of the websites currently
occupying that machine.
DDoS mitigation helps offset or
eliminate the affects of the attack.
DDoS mitigation can be an involved
process, requiring specialized
hardware, software, and of course – the
knowledge to combat the problem.
Often times, banks (and other
businesses needing DDoS protection
during an attack) will enlist a third-
party provider to mitigate the traffic
through proxy filtering. All traffic is
routed to the anti-ddos provider, bad
traffic is filtered out, and good traffic is
routed back to its original destination.
Any business prone to attack,
government agency, or financial
institution is considered "high risk
hosting" – meaning they require special
attention because they tend to deal
with repeated attempts bent on
compromising their network.
Since sensitive information is shared
and stored in financial computer
systems, the need for protection is
most important. Cybercriminal activity
trends show that sometimes even
rudimentary techniques can affect large
government and banking websites.
Small attacks still have the power to
stop valuable email communications
from being sent. Stopping
communication increases risk and
affects proper mitigation. Cyber pirates
use social media to coordinate,
organize, plan, and launch these
attacks. Having recovery plans in place
and alternate communication channels
open is vital to DDoS mitigation.
These attacks are constantly evolving,
which means a focus on mitigation and
awareness needs to be a part of every
business' risk management and
recovery plan. It's often best to
strategically partner with a DDoS
protection company in advance, so
you'll be prepared to handle a denial of
service attack quickly and with as little
interruption as possible.
About the author
OYEDELE Josiah is the founder and CEO of
Josidelhosting.com - a web hosting company
specializing in DDoS protected hosting
and DDoS mitigation services for
businesses and government websites.
Josidelhosting.com your number one hosting company.
Comments