DDoS - Lessons Learned from the 'Triple Crown' Bank Attacks
In the last few months, major U.S. banking institutions have been victims of a powerful wave of distributed-denial-of-service attacks that combine three different attack tools. These "Triple Crown" attacks take DDoS to a whole new level. How can institutions improve their defenses?
Join this session for expert insight on lessons learned from the Triple Crown attacks, including:
- What worked and what did not work in the latest DDoS attacks;
- How certain financial institutions successfully prevented attacks;
- Recommended layered approach to improve DDoS defense.
Beginning in the fall of 2012, more than a dozen major U.S. financial institutions have been targeted by a series of DDoS attacks aimed at taking down or slowing websites and preventing customers from doing their online banking.
A self-proclaimed hacktivist group has taken credit for these attacks and vowed early in 2013: "Rulers and officials of American banks must expect our massive attacks! From now on, none of the U.S. banks will be safe from our attacks."
Among the unique characteristics of these attacks: Hacktivists did not use a traditional botnet, one that included thousands of compromised PCs. In this case, attackers used compromised web servers, which require fewer machines but provide high-speed, high-volume capabilities. In addition to the unique, high-speed nature of the attacks, hackers utilized a mix of application-layer attacks and volumetric attack traffic on a variety of protocols. The other obvious and uncommon factor at play was the launch of simultaneous attacks on multiple companies in the same vertical. This put an unusual strain on the mitigation capacity of both the financial enterprises' internal defenses and the security provided by their managed security services providers.
In this session, Arbor Networks DDoS experts, who were actively engaged in the mitigation of these attacks at both the service provider and enterprise level, will review the lessons learned and provide an overview that attendees can use for their own executive management and board level discussions on risk management.
Among the takeaways from this session:
- How these Triple Crown attacks used multiple tools to infiltrate and overwhelm networks;
- Why enterprises need a layered DDoS defense strategy that combines purpose-built, on-premise DDoS defense with cloud-based mitigation;
- Strategies and solutions proven to protect your organization.