
Cyberattacks on US banking websites subside

Prolexic, which says it protects the top financial institutions, says the attackers have done their homework


The wave of cyberattacks against a half-dozen US financial institutions has subsided this week, but the recent demonstration of force shows a careful honing of destructive techniques that could continue to cause headaches.

The attacks against Wells Fargo, US Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking.

But customer-facing websites are just a small part of very complicated banking systems, which sometimes consist of thousands of back-end applications that are being prodded by attackers, said Scott Hammack, CEO of Prolexic, a company based in Hollywood, Florida, which specialises in defending against distributed denial-of-service (DDoS) attacks.

The attackers "have absolutely done their homework on these large companies," Hammack said. "They've found many, many weak spots, and their attacks are very focused on those weak links."

Prolexic is in a unique position to observe the attacks. The financial institutions victimised by the attacks last week are its customers, although confidentiality agreements with the banks prevent Prolexic from directly naming the companies, said Prolexic's president, Stuart Scholly.

The attacks have consumed up to 70Gbps of bandwidth, well beyond the 1Gbps to 10Gbps circuits that large companies tend to rent, Scholly said.

"There are very few companies that can afford to buy that kind of bandwidth," Scholly said.

Within a few minutes of the start of an attack, DNS (Domain Name System) or BGP (Border Gateway Protocol) routing changes are used to direct malicious traffic through Prolexic's data centres in London; Hong Kong; San Jose, California; and Ashburn, Virginia. The bad traffic is scrubbed, while non-attack traffic is passed along to customers.

As last week's problems showed, that does not mean a site's hiccups are immediately cured in every case. The hackers are using between six and eight different types of attacks originating from small armies of compromised computers. Those botnets are often in the US and China, countries with large numbers of computers lacking up-to-date patches, which leaves those machines vulnerable to hackers who install DDoS toolkits on them.

Prolexic called out one of those toolkits, called 'itsoknoproblembro', but declined to say if that toolkit was used in last week's attacks.

The hackers are taking steps to make each attacking computer within those botnets look different. Prolexic tries to identify an attacking computer by its 'signature', or a set of characteristics that make it look unique. But if those parameters vary over time, it's more difficult to block an attack.

The vast range of IP addresses used by banks also makes defence more difficult, as hackers try different attack techniques against applications and ports, testing for latency, or how long it takes the bank's systems to respond.

"It's not like protecting mum and dad's ABC hardware store with a single IP address and a couple of ports," Hammack said.

Prolexic executives won't speculate on the motivation for the attacks or what group may be responsible, but Hammack said he is "frustrated when people say this is a dumb attack by some kid in an apartment in Brooklyn."


