To cope with an increased number of large distributed denial of service attacks, banks must not only have plans in place, they should also consider a broad set of defensive tools that combine on-premises technologies and cloud-based scrubbing services.
Financial institutions have been battling waves of large distributed denial of service (DDoS) attacks since early last year. Many of these attacks have been the work of a group called the Qassam Cyber Fighters (QCF), who until recently posted weekly updates on Pastebin reminding readers of the reasons for their efforts and summarising Operation Ababil, their DDoS campaign.
Other hacktivist groups have launched their own DDoS attacks and targeted financial services institutions with focused attacks on web forms and content. There have also been reports of nation-state-organised cyber assaults on banks and government agencies, along with complex, multi-vector efforts that have combined DDoS attacks with online account tampering and even fraud.
The past year-and-a-half shows attack activity that has grown steadily in intensity and changes technique regularly. The recent incidents against banks of all sizes have shown that there are many kinds of DDoS attack. These have included traditional SYN and DNS floods, as well as DNS amplification, application-layer and content-targeted methods. Denial of Service (DoS) activity aimed at SSL-encrypted web page resources and content is an additional challenge, because request-level signatures are invisible to any filter that sits before TLS termination. In some instances, the adversaries have moved to a blended form of attack that incorporates harder-to-stop application-layer methods alongside "cheap," high-volume attacks that can be filtered and blocked through simpler means; the cheap traffic fills the pipe while the application-layer traffic exhausts the servers behind it.
To cope with this level of malicious activity, CIOs, CISOs and their teams need to have a plan in place and consider a broad set of defensive tools that combine on-premises technologies and cloud-based scrubbing services. They must also begin to explore, and ultimately implement, intelligence gathering and distribution methods that lead to a comprehensive DoS mitigation strategy.
1. Have a scrubbing service or similar cleaning provider to handle large volumetric attacks.
The volumes associated with DDoS activity have reached a level where 80 Gbps of DDoS traffic is a normal event. There are even reports of attacks in the range of 300 Gbps. Few, if any, organisations can maintain sufficient bandwidth to cope with attacks of this size, and once the upstream link is saturated no on-premises appliance can help, because the malicious packets have already consumed the capacity before reaching it. When faced with DDoS incidents this large, the first thing an organisation needs to consider is the option to route its Internet traffic through a dedicated cloud-based scrubbing provider that can remove malicious packets from the stream. These providers are the first line of defence for large volumetric attacks, as they have the necessary tools and bandwidth to clean network traffic so that DDoS packets are stopped in the cloud and regular business-as-usual (BAU) traffic is allowed through. Diversion to a scrubbing centre is normally done by re-announcing the affected prefixes over BGP or by changing DNS to point at the provider, so the arrangement and the cut-over procedure should be contracted and rehearsed before an attack rather than negotiated during one.
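The following Python script is an added example, not code from the article or from any scrubbing provider. It ties together the attack categories listed above (SYN flood, DNS amplification, encrypted web traffic that cannot be judged from packet headers) and the decision in this step: tally inbound volume from flow records, classify each flow by its network-layer signature, and divert to scrubbing on total volume alone, since on-premises filtering cannot help once the link is full. The flow records, the 10-second export window, the 80% divert threshold and the category names are all this example's own constructed assumptions.

```python
"""Flow-record triage for DDoS: inbound volume per attack signature and a
divert-to-scrubbing decision.

Added example, not code from the article. The flow records are constructed
sample data; window length, thresholds and category names are assumptions.
"""
from collections import defaultdict
from typing import Dict, List, NamedTuple


class Flow(NamedTuple):
    src_ip: str
    proto: str      # "tcp" or "udp"
    src_port: int
    dst_port: int
    tcp_flags: str  # "S" = SYN only, "PA" = PSH+ACK, "" for UDP
    bytes: int      # bytes seen during the export window
    packets: int


WINDOW_SECONDS = 10  # assumed flow-export interval

# Constructed sample: one 10-second window of inbound flows, aggregated per source.
SAMPLE_FLOWS: List[Flow] = [
    # Large unsolicited answers from UDP/53, ~1250-byte packets: DNS amplification signature.
    Flow("198.51.100.7", "udp", 53, 33121, "", 50_000_000_000, 40_000_000),
    # SYN-only segments averaging 50 bytes towards the web tier: SYN flood signature.
    Flow("203.0.113.9", "tcp", 51000, 443, "S", 2_000_000_000, 40_000_000),
    # Established TCP/443 sessions: legitimate or an SSL application-layer attack;
    # flow data cannot tell, so this needs TLS termination and L7 inspection.
    Flow("192.0.2.5", "tcp", 52000, 443, "PA", 500_000_000, 600_000),
    # Ordinary small DNS queries to the bank's authoritative servers.
    Flow("192.0.2.6", "udp", 40000, 53, "", 1_000_000, 10_000),
]


def classify(flow: Flow) -> str:
    """Map a flow to a coarse attack signature using only network-layer fields."""
    avg_packet = flow.bytes / flow.packets if flow.packets else 0
    if flow.proto == "tcp" and flow.tcp_flags == "S" and avg_packet < 100:
        return "syn_flood"
    if flow.proto == "udp" and flow.src_port == 53 and avg_packet > 512:
        # Large answers from port 53 that nothing inside asked for.
        return "dns_amplification"
    if flow.proto == "udp" and flow.dst_port == 53:
        return "dns_query"
    if flow.proto == "tcp" and flow.dst_port in (80, 443):
        # Flagged for application-layer analysis, never blocked on headers alone.
        return "web_needs_l7"
    return "other"


def bps_by_category(flows: List[Flow], window: int = WINDOW_SECONDS) -> Dict[str, int]:
    """Inbound bits per second for each signature over the export window."""
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        totals[classify(f)] += f.bytes * 8 // window
    return dict(totals)


def scrubbing_decision(flows: List[Flow], link_capacity_bps: int,
                       divert_fraction: float = 0.8,
                       window: int = WINDOW_SECONDS) -> dict:
    """Decide whether to divert traffic to a cloud scrubbing provider.

    The decision is made on total inbound volume, not on whether the traffic
    looks filterable: once the link nears capacity, an on-premises filter is
    downstream of the congestion and cannot relieve it.
    """
    cats = bps_by_category(flows, window)
    total = sum(cats.values())
    divert = total >= link_capacity_bps * divert_fraction
    # Traffic a scrubbing centre cannot settle from packet headers alone;
    # it still needs on-premises L7 controls after the volumetric part is gone.
    residual_l7 = cats.get("web_needs_l7", 0)
    return {
        "total_bps": total,
        "by_category": cats,
        "divert_to_scrubbing": divert,
        "residual_l7_bps": residual_l7,
    }


if __name__ == "__main__":
    result = scrubbing_decision(SAMPLE_FLOWS, link_capacity_bps=10_000_000_000)
    print(f"inbound {result['total_bps'] / 1e9:.1f} Gbps on a 10 Gbps link; "
          f"divert={result['divert_to_scrubbing']}")
    for cat, bps in sorted(result["by_category"].items(), key=lambda kv: -kv[1]):
        print(f"  {cat:<20} {bps / 1e9:8.3f} Gbps")
```

Against the constructed window the script reports about 42 Gbps inbound on an assumed 10 Gbps link, almost all of it DNS amplification, and recommends diversion; the 0.4 Gbps of established TCP/443 traffic is carried as a separate residual figure because that is the part the scrubbing centre cannot settle and the part a blended attack hides its application-layer component in.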