DDoS attacks: a plight on all financial institutions. The increasing frequency of these intrusions heightens the need for banks and credit unions to maintain strong security protocols. Strong security protocols, however, require a fundamental knowledge of what a DDoS attack is and the disastrous effect it can have on your institution.
But this is not a “one size fits all” issue; DDoS attacks come in many different forms. Likewise, there are multiple methods to combat DDoS attacks effectively. Use this guide to understand the variations of DDoS attacks and how best to combat them.
1. Volume Attacks
- Objective: Flood an organization’s circuits with traffic.
- Description: Attackers use publicly accessible Domain Name System (DNS) servers to flood a target system with DNS response traffic. They can also use User Datagram Protocol (UDP) floods, where an attacker sends IP packets containing UDP diagrams en masse so that the victim can no longer handle valid connections. Also under the “Volume Attack” category, Internet Control Message Protocol (ICMP) floods occur, in which ICMP echo requests overload the intended target with so many requests that it can no longer process valid network traffic. All subsets of this type of attack saturate the bandwidth of the target site.
- Measured In: Bits per second (Bps).
- Best Defense: Share DDoS response strategy with your managed services provider and grant them proxy authority to contact your ISP on your behalf.
2. Protocol Attacks
- Objective: Maximize network interference.
- Description: These incursions include SYN floods, whereby attackers try to render a system unresponsive by sending it large volumes of SYN requests, and fragmented packet attacks, during which IP datagrams are broken down into smaller packets to be transmitted over different network media and then reassembled at the other end. This type of assault consumes actual server resources or those of intermediate communication gear, including firewalls and load balancers.
- Measured In: Packets per second
- Best Defense: Document all public-facing services used by the organization, as well as business risks associated with those services and ways the organization would handle mitigation of a DDoS attack for each service.
3. Application Attacks
- Objective: Overwhelm operating systems and applications that are designed to receive data.
- Description: These attacks include Slowloris, a Web-server incursion that tries to open a large number of connections and keep them open for as long as possible, and Zero-day DDoS, also known as a zero-hour attack that takes advantage of unfixed computer bugs. These attacks comprise seemingly legitimate and innocent requests, with the goal of crashing the Web server.
- Measured In: Requests per second
- Best Defense: Maintain strong vendor relationships and ensure DDoS mitigation strategies exist for any vendor providing hosted or cloud services to the organization.
It’s Going to Get Worse Before it Gets Better…
Concerns surrounding the increase in DDoS attacks against financial institutions intensify with the paralleled increased availability of attacking tools. Exploit kits, cybercrime instruments sold as off-the-shelf product bundles including Blackhole, Phoenix, Ellenore and Citadel are becoming widely available. These bundles are usable without any kind of technical hacking skills, granting easy access from the novice to experienced cybercriminal. More advanced versions of the popular exploit kits can automatically create and authorize fraudulent transactions, with zero intervention from the attacker.
To date, DDoS attack motives appear more politically provoked than financially motivated, as recent attacks have not directly pilfered funds or sensitive personal information. However, that’s not always the case: some DDoS attempts might serve to divert attention and/or disable alerting systems in order to cover fraudulent activity. Financial Institutions should take every precaution to ensure they are well prepared for a DDoS attack.
Stephen G. Smith has more than 21 years of Information Technology experience in the areas of Systems Management, Information Security and Compliance. Prior to joining CSI, Stephen worked as the IT Security and Compliance officer for a civilian U.S. Department of Defense/NATO contractor in the field of distributed logistics databases.