The Field Report with Tom Field

DDoS: The Next Wave

As Attacks Strike Europe, Are London Banks in the Crosshairs?

Notes from day two of the Infosecurity Europe event in London.

I'm told this would prove to be the busiest day of this three-day event, which typically draws in the neighborhood of 13,000 attendees, but may set a new benchmark this year. Everybody wants to talk - and see - security.

I had a conversation about distributed-denial-of-service attacks with Dan Holden, DDoS expert from Arbor Networks.

DDoS attacks against banks are popping up in parts of Europe. In fact, our own Tracy Kitten reported on this trend earlier this week (see DDoS Strikes Take EU Banks Offline).

But what's interesting is that the attacks have hit banks in the Netherlands and elsewhere - not London. That's odd because, as Holden points out, "London is where the banks are."

Are the attackers honing their skills elsewhere before attacking London, or are its banks off the hook because the U.K. isn't in any geo-political hot water with any nation states that may be encouraging the attacks? "They're in the crosshairs at some level," Holden says. It's just a question now of whether shots are fired.

The other interesting point, which Tracy also made this week: The third wave of DDoS attacks against U.S. banking institutions, which, apparently, are not related to the attacks in Europe, isn't ending (see DDoS Attacks on Banks: No Break In Sight). In the past, we've seen the hacktivists take a break after six or eight weeks to recharge and reload. This time they are consistently attacking banks, but generally staying under the radar - alerting us to what they've done, not bragging about what they intend to do.

What to make of this trend? Holden says we've seen new tools deployed in the current wave, but Brobot - the botnet used to attack U.S. banks - really hasn't grown; it's just been maintained. It could be that the attackers are testing various sites, looking for ways to grow their botnet and launch a bigger, badder fourth wave of attacks.

This we know: We're into our eighth month of DDoS attacks, and they show no sign of diminishing. Twice the attackers have regrouped, and each time they've come back stronger. Perhaps there won't be a "spring break," but there's no reason to believe the attacks will ease.

Doesn't matter at this point whether you're in London or anywhere else in the world. The next sound you're waiting to hear is for the other shoe to drop.

Impressions of Infosecurity Europe

As an American visiting this European event for the first time, I'm frequently asked for my impressions. Here's what I say:

If you use your ears alone, then this conference is no different than any other security event. Application security. BYOD. Targeted attacks. Walking the floor, you hear the same industry buzzwords here as anywhere in the world, and you wonder: How do the security vendors succeed at distinguishing themselves?

But as you watch, observe and talk, you do perceive the event's distinctions. Here's how I compare Infosecurity Europe to a typical U.S. event:

  • More Formal - People definitely dress for this event. It's not a t-shirt and blue jeans crowd by any means. And whereas the coat and tie are pretty much antiques at most of the "business casual" events I attend, they're more the norm here. Which makes the next point all the more interesting.
  • More Communal - Beneath the formality, there's a genuine familiarity. This is an information security community. The vendors, the practitioners, the journalists - they know one another, they greet one another cheerfully, and there's a palpable difference in the conversations. At other events, people have encounters or transactions; here they make connections. This event definitely seems to be propelled by relationships.
  • More Urgency - This is likely more a reflection of the times than of the venue. With DDoS and breaches and cyber-espionage all around us, we're no longer going to these events to discuss what could happen. We're reacting to what's already occurring. Consequently, the vendors tell me, they're fielding tougher, smarter questions. The attendees aren't just kicking tires; they're ready to buy. Particularly in Europe, where data protection rules are evolving, there is new urgency to deploy security strategies and solutions.

There are other, more trivial details. Like there sure is a lot more smoking here outside the venue than I'm used to, and the beer breaks out at the booths are a bit earlier in the afternoon. And, boy, the post-event crowd spills out onto the sidewalks outside the pubs in ways you'd never see in New York or San Francisco.

But my overall favorable impression is that Infosecurity Europe deserves its reputation as a premier information security event. The agenda and hot topics are the same you'd encounter at any such event. But the execution is unique and, I believe, successful.



About the Author

Tom Field

Vice President - Editorial, ISMG

Field is an award-winning journalist with over 30 years' experience in newspapers, magazines, books, events and electronic media. A veteran community journalist with extensive business/technology and international reporting experience, Field joined ISMG in 2007 and currently oversees the editorial operations for all of ISMG's global media properties. An accomplished public speaker, Field has developed and moderated scores of podcasts, webcasts, roundtables and conferences, and he has appeared at RSA Conference and on various C-SPAN, The History Channel and Travel Channel television programs.
