The Fraud Blog with Tracy Kitten

Banks' Leadership in DDoS Fight

As Targets Shift, Banks Must Assist Other Sectors

As we mark the one-year anniversary this week of the first announcement of DDoS attacks waged by Izz ad-Din al-Qassam Cyber Fighters against U.S. banks, it's time to call attention to the need for banks to take a leadership role in helping other sectors fend off attacks (see Lessons Learned From Bank DDoS Attacks).

U.S. banking institutions must take the lead in the defense of our nation's critical infrastructure by sharing cyberthreat intelligence with other industries as well as lessons learned about effective defenses.

Because of their experience in successfully fighting off distributed-denial-of-service attacks, financial institutions are on the leading edge when it comes to cyberthreat defenses and intelligence sharing via cross-industry collaboration.

In the years leading up to al-Qassam's attacks, many banks were largely complacent about ongoing DDoS threats. Other sectors must guard against this same attitude.

Now that the group's attacks against U.S. banking institutions have waned, other sectors need to be on the alert for the attacks to shift in their direction. Copycats, intent on using DDoS as a cover for fraud or for stealing intellectual property, also could be waiting in the wings.

That's why it's so urgent for banking institutions to share the DDoS intelligence they've gathered with other sectors, in addition to what they share with groups like the Financial Services Information Sharing and Analysis Center and law enforcement agencies, including the Federal Bureau of Investigation and the Secret Service, as well as governmental agencies.

The FS-ISAC has done a good job of encouraging intelligence sharing about DDoS attacks striking banks. But now, it's critical for this same collaboration to take place with other Information Sharing and Analysis Centers in other sectors to ensure all critical infrastructure sectors are protected.

Avi Rembaum of security systems provider Check Point Software Technologies says the financial services industry, and the vendors that serve it, are prepared to help other sectors, such as government, the media, energy, transportation and healthcare, prepare for DDoS attacks.

"We are trying to become much better at leveraging intelligence," Rembaum says.

It's not just about defending the banks anymore. It's about protecting all components of the nation's critical infrastructure.

Shifting Targets

Experts have for months stressed concerns about attackers' shifting DDoS targets. al-Qassam's most recent strikes against U.S. banks and credit unions have been ineffective. The group's so-called Phase 4, which kicked off in July, has been unsuccessful - at least so far - at causing significant disruptions of any banking institution.

Still, al-Qassam continues to feed its botnet, known as Brobot, and experts speculate the only reason for this continued growth is a shift of targets. Why would this group keep striking banks when their attacks are having no impact?

"Attackers are looking for a successful angle," says Dan Holden of DDoS-mitigation provider Arbor Networks. "Some industries are concerned about these attacks shifting and hitting them, but not all are. Those who have not been hit before are not really taking the threat as seriously as others, and they're definitely not taking it as seriously as banking."

But if other industries don't take these attacks seriously, they will be caught off-guard. And banks can help by sharing their cyberintelligence (see DDoS: The Need for Updated Defenses).

DDoS: A Lingering Threat

Although Sept. 18 marks the one-year anniversary of al-Qassam's first Pastebin announcement about attacks against the U.S. financial services industry, banks had for years been suffering online outages from DDoS without paying much attention or taking much defensive action (see Alert: Banks at High Risk of Attack).

Granted, the DDoS attacks they suffered before al-Qassam were much smaller in magnitude and force. Nevertheless, sites were being taken down by DDoS attacks, sometimes without banks even knowing it.

Before al-Qassam's strikes, banking institutions often falsely attributed DDoS outages to technical glitches. They didn't have the detection capabilities they have today. And if banks were suffering from this lack of knowledge, it's fair to assume other industries were suffering, and perhaps continue to suffer, from the same narrow perspective.

Today, however, banking institutions appreciate the far-reaching and long-lasting impact these attacks have. Soon, other industries will appreciate this as well.

About the Author

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.
