How should banks and financial institutions deal with increasing numbers of large-scale denial of service attacks?
By Avi Rembaum and Daniel Wiley.
Financial institutions have been battling waves of large distributed denial of service (DDoS) attacks since early 2012. Many of these attacks have been the work of a group calling itself the Qassam Cyber Fighters (QCF), who until recently posted weekly updates on Pastebin explaining the reasons behind their attacks and summarising Operation Ababil, their DDoS campaign.
Other hacktivist groups have launched their own DDoS attacks and targeted financial services institutions with focused attacks on web forms and content. There have also been reports of nation-state-organized cyber assaults on banks and government agencies, along with complex, multi-vector efforts that have combined DDoS attacks with online account tampering and fraud.
These incidents, against banks of all sizes, have shown that there are many kinds of DDoS attacks, including traditional SYN and DNS floods, as well as DNS amplification, application-layer and content-targeted methods. Denial of service (DoS) activities that have targeted SSL-encrypted webpage resources and content are an additional challenge. In some instances, the adversaries have moved to a blended form of attack that incorporates harder-to-stop application-layer methods alongside ‘cheap’, high-volume attacks that can be filtered and blocked through simpler means.