In recent months, reports have surfaced that hacktivist groups, motivated mostly by political and ideological leanings, have unleashed Distributed Denial of Service (DDoS) attacks on global banks, allegedly targeting Bank of America, Capital One, Chase, Citigroup, Wells Fargo and the New York Stock Exchange. These attacks bombard websites with nuisance traffic, preventing legitimate transactions from occurring and thereby damaging revenue. They are also often used as diversions to carry out more insidious attacks aimed at stealing confidential information.
In an effort to shed some light on these attacks and their impact on the financial services industry, The Ponemon Institute released a study last month, commissioned by Corero Network Security, titled: “A Study of Retail Banks & DDoS Attacks.” The study, which surveyed 650 IT professionals from 351 banks, revealed some startling findings.
What follows are some of the more notable takeaways and what banks can do to facilitate DDoS mitigation and even stop DDoS attacks altogether.
* * * *
According to the study, nearly two-thirds of those surveyed reported that their bank had suffered a DDoS attack in the last 12 months. That is a shocking number, or maybe not so shocking, considering how tight-lipped the financial industry generally is with this sort of information. More interesting still: nearly HALF of all respondents revealed that their bank had suffered multiple incidents in the past year.
This survey gives us a peek behind the proverbial curtain. The numbers tell an obvious tale: all banks are at a heightened risk of DDoS attack. The frequency of attack is alarming when combined with the recent alert released by the Office of the Comptroller of the Currency. The regulatory agency called for increased vigilance and reiterated that these DDoS attacks could be, and may be, used as a smokescreen to perpetrate fraud and other malicious activity. The sheer number of banks attacked means no institution is safe.
* * * *
Most don’t see the DDoS threat abating, yet only a small number plan to bolster their defenses, the study found. Nearly 80% of bank IT security experts expect the attacks to continue, and even significantly increase, in the coming year. As for investing in new protective measures: Only 30 percent say they are planning to purchase an anti-DDoS technology in the next 6 to 12 months.
This is a common problem. Most networks are protected by what is commonly known as a firewall. Typically, a firewall creates a sort of bridge that separates the unknown (the Internet) from the known (the network). This method of defense (basically a traffic cop), which has been relied on for nearly two decades, was not built to combat today's attacks at the perimeter, from DDoS to zero-day attacks, though many institutions think it is all they need. This technology, while serving an important function, is only one part of what should be a multi-pronged approach.
With firewall technology proving insufficient and attackers growing in sophistication, what is needed is a new first-line-of-defense network security solution that goes beyond firewall technology and stops these attacks before they can take root. Financial institutions on the front lines need to allocate funds towards these more advanced DDoS protection services.
* * * *
From the “Easier Said than Done” Department: The survey also found that a lack of resources threatens retail banks’ ability to deal with DDoS attacks. While there is no strong consensus about the most critical barrier to preventing DDoS attacks, insufficient personnel and in-house expertise seem to be the most serious concerns.
Sadly, it always comes down to resources. In this case, according to the survey, it is the lack of experienced perimeter security pros. The attackers have hundreds of easy-to-implement attack tools at their disposal, while the victims often have little understanding of how even the simplest of these tools work. Many in-house security professionals are only beginning to understand the broad spectrum of possible DDoS attack vectors they may experience. Inadequate first-generation border technologies were not designed to block all of the unwanted network traffic. Therefore, a well-rounded defense strategy must be deployed to develop a solid network security solution. There is no better way to do this than to get to know the enemy: download the latest attack tools, see how they work, test them against your own border defenses and talk to your providers to see if they can block the latest attack vectors. Here is a great question to ask your service provider: Can you block Slowloris? If they respond with “What’s Slowloris,” you’ve got your answer.
* * * *
There is too much to do and too few to do it. The survey found that diminished productivity of the bank’s IT staff was the worst consequence of a DDoS attack. Respondents in this study were most concerned about the time and effort required to respond to these attacks.
Can you imagine the frenzy that occurs when an overtaxed, underprepared IT staff is reacting to a DDoS attack? To ensure a calm and orderly response, banks must have solid business continuity and disaster recovery plans in place, plans that address tactical preparedness and response in an effort to stop DDoS attacks. The worst thing an IT staff can do is go into an attack without proper guidelines in place. Without them, banks will have little if any chance of surviving the ill effects of a full-scale onslaught.
* * * *
The report paints a clear picture: DDoS attacks are on the rise and are getting more sophisticated yet easier to launch, and many target organizations are ill-prepared to prevent them. It takes proper planning, instruction and the correct (and properly configured) network security hardware to maintain business integrity. All organizations that rely on the Internet to conduct business are at risk. Protect yourself and your customers by implementing a first-line-of-defense perimeter security solution and taking the necessary steps to halt DDoS attacks in their tracks.
This article was written by Marty Meyer, President, Corero Network Security.