DDoS Attacks Create New Strife in the Banking World

David Avery
October 1, 2012

Last week saw several major banks, including Wells Fargo and U.S. Bancorp, undergo concerted cyber attacks that nearly shut down their websites and slowed customer access. Theories abound as to the ultimate perpetrator of the attacks, from the famed “Anonymous” group to a foreign power such as Iran. What isn’t under dispute, however, is the nature of the attack: DDoS.

Denial of service (DoS) and distributed denial of service (DDoS) attacks are the oldest methods of disabling IP networks. DDoS attacks are among the least technically complicated to unleash, but also among the most instantaneously obvious, which makes them a go-to option for anybody wanting to immediately hurt a website or web presence. They remain one of the most effective ways to degrade the performance of IP networks or services, or to completely block access to a network, service, or application for legitimate users.

By definition, the intent of a DoS/DDoS attack is to partially restrict or completely deny legitimate users access to resources provided by a victim’s network, computer, or service. When the attempt is initiated from a single host, the attack is called a DoS attack. While a DoS attack can be successfully mounted from a single host with limited resources, the majority of attacks require a group of malicious hosts that flood the victim’s network with an overwhelming volume of attack packets. This type of attack is called a distributed DoS.

The Zombie Apocalypse

According to Internet World Stats, the worldwide Internet population in June of 2012 was over 2 billion users. Many Internet users browse without appropriate security software, or with operating systems and software that are not properly updated. Attackers use automated techniques to discover such systems and exploit known vulnerabilities to install DDoS tools on them. Such infected computers are called zombie computers.

The attacks on Bank of America, Wells Fargo, Chase, and other banks were sent through high-powered application servers. The attackers compromised these application servers to build the network for the DDoS. Because of the capacity of the application servers, the volume of traffic sent to the banking websites was unprecedented (CNN has an article detailing the nature and process of this current attack).

Large DDoS attacks are coordinated by relying on hundreds to thousands of computers that have previously been infected with worms or trojans giving an attacker remote control. Larger botnets can exceed 100,000 zombie computers, which can generate aggregated traffic from 10Gbps to 100Gbps, more than most ISPs can handle.

An Ounce of Prevention…

Early detection of a DDoS, together with pre-planned strategies for dealing with one, is the best way to limit the damage done by this attack method. Denial of service attacks often combine dozens of attack techniques designed to overload network and security devices. Pre-deployment testing and production network monitoring give network operators a leg up in mitigating this kind of malicious traffic. This type of testing requires test equipment capable of simulating thousands of computers.
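As an added illustration (not part of the original post and not Ixia's own tooling), the following Python script shows the kind of early-detection heuristic the paragraph calls for: it buckets web-server access log lines per second and labels a flood as a single-host DoS or a distributed DDoS, mirroring the distinction drawn earlier in the post. The log format, the thresholds, and the addresses in the constructed sample are assumptions for the example.

```python
"""Rate-based DoS/DDoS indicator over constructed web-server access log lines."""
from collections import Counter, defaultdict

# Assumed per-second thresholds; in practice tune them from a measured baseline.
RATE_THRESHOLD = 50        # requests/second above which a window is suspicious
SINGLE_SOURCE_SHARE = 0.8  # one source sending this share of a flood => single-host DoS

def parse_line(line):
    """Parse an assumed log format: '<epoch_seconds> <client_ip> <method> <path>'."""
    ts, ip, _method, _path = line.split(" ", 3)
    return int(ts), ip

def classify_windows(lines):
    """Bucket requests per second and label each second 'normal', 'dos' or 'ddos'."""
    per_second = defaultdict(Counter)  # second -> Counter(client_ip -> requests)
    for line in lines:
        ts, ip = parse_line(line)
        per_second[ts][ip] += 1
    results = {}
    for ts in sorted(per_second):
        sources = per_second[ts]
        total = sum(sources.values())
        if total <= RATE_THRESHOLD:
            label = "normal"
        elif sources.most_common(1)[0][1] / total >= SINGLE_SOURCE_SHARE:
            label = "dos"    # flood dominated by a single host
        else:
            label = "ddos"   # flood spread across many hosts (botnet-like)
        results[ts] = (total, len(sources), label)
    return results

def build_sample_log():
    """Constructed traffic: two normal seconds, one single-host flood, one distributed flood."""
    lines, base = [], 1349100000
    for sec in (0, 1):                    # normal: 20 requests/s from 20 different clients
        for i in range(20):
            lines.append(f"{base + sec} 198.51.100.{i} GET /index.html")
    for _ in range(200):                  # DoS: one host hammering /login
        lines.append(f"{base + 2} 203.0.113.7 GET /login")
    for i in range(200):                  # DDoS: 200 requests from 100 distinct zombies
        lines.append(f"{base + 3} 192.0.2.{i % 100} GET /login")
    return lines

if __name__ == "__main__":
    for ts, (total, nsrc, label) in classify_windows(build_sample_log()).items():
        print(ts, total, nsrc, label)
```

Real deployments would derive the thresholds from observed baselines and correlate across connection state and layers rather than request counts alone, but the split between aggregate rate and source diversity is the core of telling a flood from legitimate peak load.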

“Detecting a DDoS against your systems is obviously an uncomfortable situation,” says Steve McGregory, Director of Application and Threat Intelligence for Ixia BreakingPoint. “Preparedness, with a plan to mitigate these attacks, is the way to relieve such fears. Having a system like the BreakingPoint FireStorm, that can emulate these DDoS scenarios, gives you the tools to prepare against DDoS attacks.”

Kristi Thiele, Senior Systems Engineer at Ixia BreakingPoint, recently posted a blog detailing how to test both the defenses and the people tasked with responding to a DDoS attack with a “fire drill”: the moment you realize your network is under attack is not the time to test. “It’s imperative that network operators figure out beforehand where they are vulnerable, and not be caught off-guard when a DDoS attack hits,” she said. “Understanding the limits of your network pre-deployment and having a validated plan to deal with an attack are crucial to surviving a major hit.”

The networking and security infrastructure must be tested to ensure that none of the denial of service attacks, singly or in combination, can succeed in disabling key services. In addition, the ability of the systems to accept new connections and provide an acceptable level of performance under load must be measured and known ahead of an attack.

Additional Resources:

Ixia BreakingPoint DDoS testing solutions

Ixia BreakingPoint DoS evaluation services

Ixia BreakingPoint DDoS blog resources
