DDoS: Are Attacks Really Over?

Expert Says Attacks Likely After More than Publicity

February 5, 2013.

Although hacktivists announced suspension of DDoS attacks against banks, other industries are now getting hit, and banks can't afford to get complacent because of the fraud risk, says security specialist Bill Stewart.

The major concern for banks and others about these distributed-denial-of-service attacks is whether they're being used to identify vulnerabilities and pave the way for eventual fraud, says Stewart, senior vice president at the consulting firm Booz Allen Hamilton.

"A DDoS attack can be an annoyance, but in and of itself, it is not typically the primary issue at hand," he says in an interview with BankInfoSecurity.

Stewart says attacks often are waged to disguise fraud or to access proprietary information. "Often what's going on is some other potential exploitation," he says.

For now, he says, banking institutions need to continue focusing on defenses.

Evidence of More Attacks

While the attacks waged against U.S. banking institutions have slowed, Stewart says evidence suggests the same botnet used in those attacks, or one very similar to it, is being used to target other industries. For example, a DDoS attack blocked access to e-commerce retailer Amazon.com's website for 45 minutes on Jan. 31.

"Amazon is a significant Internet presence, so to have them offline does take a fairly substantial capability - and that is what we've seen with these attacks against the financial services industry," Stewart says.

Although it's not clear whether the same group was behind the attacks against Amazon as well as the banks, the recent activity demonstrates that all industries are at risk of large-scale attacks, the consultant stresses.

"The DDoS attacks and the overall technology that it takes are not, in the grand scheme of things, all that sophisticated," he says. "What's different is the sheer volume of information and the size of the attacks."

DDoS Against Banks

The hacktivist group Izz ad-Din al-Qassam Cyber Fighters, which has taken credit for the two waves of attacks that have targeted U.S. banking institutions since mid-September, claimed Jan. 29 that it would suspend its attacks as a gesture of appreciation for YouTube's removal of the most popular link to a movie trailer deemed offensive to Muslims. Since the beginning, the group has pointed to the offensive video's presence on YouTube as the catalyst for its attacks.

But other links to the movie trailer are still accessible on YouTube, and some industry experts speculate that the attacks were waged and stopped for reasons beyond what the group has claimed (see Banks Skeptical About DDoS Cease-Fire).

Stewart says there's a possibility that the attacks were waged as a way to distract institutions from attempts at fraud taking place in the background.

The positive side of the attacks is that they have highlighted cybersecurity risks financial institutions may have previously overlooked, Stewart adds.

"One of the benefits of the recent attacks is that they've raised some visibility and awareness around cybersecurity," he says. "So most of the institutions that we have relationships with are using this as an opportunity to push forward with their [security] capabilities and continue to improve."

What It All Means

During this interview, Stewart discusses:

  • Why the banking industry is concerned about the potential for fraud and advanced persistent threats linked to DDoS;
  • The challenges of identifying what the next DDoS targets might be; and
  • How organizations should address DDoS prevention.

Stewart has more than 25 years of professional experience in designing, developing and deploying cybersecurity solutions. At Booz Allen Hamilton, he leads the firm's Cyber Technologies Center of Excellence, which helps clients secure critical business systems and accomplish mission-critical goals. Before joining Booz Allen, Stewart worked for a major electronics firm, where he developed communications security and key management devices.

Follow Tracy Kitten on Twitter: @FraudBlogger
