One by one, like toy soldiers under fire, the country’s largest banks are being peppered with distributed denial-of-service attacks, or DDos.
In early September, test attacks began on small banks’ sites. Then JPMorgan, Citigroup and Bank of America were assaulted. Most recently Wells Fargo, U.S. Bancorp and PNC Financial came under the digital hammer.
DDoS attacks have been around for a long time. Basically, a computer server is bombarded with requests in an attempt to make a site unavailable for intended users. The server becomes overloaded and cannot respond, or becomes paralyzingly slow. In the recent cases, online banking sites received so much traffic their websites went down. Down time, of course, means money lost. A sustained attack can cripple sites indefinitely.
A group calling itself Izz al-Din al-Qassam Cyber Fighters has claimed responsibility for the attacks, stating they were a response to the YouTube movie “Innocence of Muhammad,” which negatively depicts the Islamic prophet.
If the nation’s largest financial services’ companies are vulnerable, it might seem that defense against such attacks is futile, but there are a few preventive measures that can help secure your business.
• Recognize that DDoS could happen to your business.
• Review your current incident response plan. Does it include DDoS scenarios?
• Know what questions to ask: What’s the capacity and resistance of your gates to the Internet?
• Conduct annual cyber response incident tests. It’s important to test strategy and technical preparedness in case a real DDoS hurricane blows at your door.
• Contact your ISP and find out what measures they have in place to guard against DDoS.
• Review legal, contractual and insurance obligations related to business availability. Include third-party contractors if they have direct links to your network.
Ensuring that you have a game plan before the attack is the only defense you have against one.
Ondrej Krehel, Chief Information Security Officer, IDentity Theft 911
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.
Leave a Reply