
DDoS Attacks on Financial Institutions


Being hit with a DDoS attack is one of the top Internet fears facing many financial institutions. It’s a form of cyber bullying, and banks are struggling to determine how best to deal with it. Similar to what a child might hear on the playground, “Give me your lunch money or I’ll beat you up,” banks are receiving extortion threats in the form of “Give us money or we’ll crush your website.” The reason banks are targeted is simple to understand: they have lots of money. Unfortunately, when threatened, some banks are handing over the cash in order to avoid an outage. This isn’t surprising when you consider that one DDoS attack can cost a company over $1.6M.

The Cost of DDoS

Nearly 50% of the Neustar survey respondents said their organizations would lose $100,000 or more per hour if the DDoS attack happened during peak business hours. One third pegged the number at $250,000 per hour.

“With financial institutions the payback is greater. Hackers target financial institutions because the thefts are greater with less effort,” said Mike Vigue, VP of Product Strategy at Bottomline Technologies. “Stealing from retail customers is less efficient.” source

Financial Security

While some might struggle to understand why these companies put up with the bullying, the truth is, they don’t have much choice. Financially, it makes sense for many banks to just pay the bully.

“[A] new model of ransom-based attacks could be on the horizon, motivated to pay off threats for fear of infrastructure-wide customer outages,” said Thomas Pore, director of IT at Plixer, a malware incident response company. “An infrastructure outage, such as DNS [denial of service], against a service provider impacting both the provider and customers may prompt a quick ransom payoff to avoid unwanted customer attrition or larger financial impact.” source

DDoS Getting Worse

An Akamai report released last month highlighted a 129% increase in DDoS attacks in the second quarter of 2016 compared to the same period last year. Despite a handful of attacks that exceeded 100 Gbps in size and some that even topped 300 Gbps, the median size of DDoS attacks fell 36% to 3.85 Gbps. This could be because DDoS complexity is growing and hackers can do more damage with less traffic. Since this report was released, however, Mirai has become available, causing DDoS to grow exponentially.

“Big companies are now starting to worry that an attack is no longer an information security issue, it’s a board and shareholder and customer confidence issue,” said Dr Simon Moores, a former technology ambassador for the UK government and chair of the annual international e-Crime Congress. “What we are seeing is the weaponisation of these [hacking] tools. It becomes a much broader issue than businesses ever anticipated.” source

DDoS attacks such as the 620 Gigabit/second hit on are so large that DDoS mitigation companies such as Radware and A10 Networks may soon be unable to scrub them. The DDoS against Krebs On Security was so large that Akamai gave in to the attackers and told Brian Krebs to find a new home for his website.

Internet of Things (IoT)

A big contributor to the growing DDoS dilemma is the growth of IoT devices. The vulnerability of these cheap appliances has made it much easier to build up the bots that participate in DDoS attacks. IoT devices in many cases never receive updates from the manufacturers, are often accessible with default passwords and sit right on the Internet, which makes it easy for bad actors to access them, install malware and incorporate them into their DDoS army.

Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected each day. source

The Real Threat

A DDoS attack against a company may not actually be the biggest problem. Today, DDoS attacks can be hired and, because of this, are relatively easy to launch against another company. In fact, sometimes they are launched as cover for the real attack against the victim.

“In about half of the cases these days, threat actors are using DDoS attacks to try and distract security response teams from other attacks going on at the same time,” says Joe Loveless, Director of product marketing at Neustar. source

Combating DDoS

Today, not much can be done if you are targeted by a DDoS attack, but you should always assume that the DDoS is merely a smoke screen. Make sure your IT team is collecting flow data and monitoring for abnormal communication patterns. Beyond this, individuals need to be doing their part by Securing IoT Devices.
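
One way to act on the flow-monitoring advice above, as an added example that is not part of the original post: compare outbound flows seen during the DDoS with a pre-attack baseline and flag internal hosts sending large volumes to peers they never contacted before. The flow tuple layout, the internal range, the byte threshold and all sample records are assumptions constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumption: the institution's internal range

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port, bytes)
FLOWS = [
    (1000, "10.1.1.5", "198.51.100.10", 443, 40_000),    # baseline: normal outbound
    (1060, "10.1.1.5", "198.51.100.10", 443, 52_000),
    (1100, "10.1.2.9", "198.51.100.25", 53, 300),
    (2000, "203.0.113.7", "10.1.0.80", 80, 900),         # attack window: inbound flood
    (2001, "203.0.113.8", "10.1.0.80", 80, 900),
    (2005, "10.1.1.5", "198.51.100.10", 443, 48_000),    # known peer, normal volume
    (2010, "10.1.2.9", "192.0.2.44", 8443, 30_000_000),  # new peer, large upload
    (2030, "10.1.2.9", "192.0.2.44", 8443, 45_000_000),
    (2040, "10.1.1.5", "192.0.2.99", 443, 2_000),        # new peer, tiny transfer
]

def is_internal(ip):
    return ip_address(ip) in INTERNAL

def outbound_anomalies(flows, attack_start, min_bytes=10_000_000):
    """Flag internal hosts that, during the attack window, send at least
    min_bytes to an external (ip, port) never seen in the baseline window."""
    baseline = set()
    during = defaultdict(int)
    for ts, src, dst, dport, nbytes in flows:
        if not is_internal(src) or is_internal(dst):
            continue                      # only internal -> external flows matter here
        key = (src, dst, dport)
        if ts < attack_start:
            baseline.add(key)             # peers this host normally talks to
        else:
            during[key] += nbytes         # total bytes sent while the DDoS runs
    return sorted(
        (src, dst, dport, total)
        for (src, dst, dport), total in during.items()
        if (src, dst, dport) not in baseline and total >= min_bytes
    )

if __name__ == "__main__":
    for src, dst, dport, total in outbound_anomalies(FLOWS, attack_start=2000):
        print(f"review: {src} -> {dst}:{dport} sent {total} bytes to a new peer")
```

The inbound flood itself is ignored on purpose: the check looks only at what leaves the network while responders are busy with the outage.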