One by one, like toy soldiers, the country’s largest banks are tipping over to an unprecedented distributed denial-of-service attack, or DDoS.
Two weeks ago, test attacks started on smaller sites around the net. Then last week JPMorgan, Citigroup and Bank of America were assaulted. This week, U.S. Bancorp and PNC Financial came under the digital hammer.
DDoS has been around for a long time. It’s basically a bombardment of a computer server with many requests. The Internet pipe gets overloaded, and the server “breaks” or shuts down. In this case, these online banking sites received so much traffic that their websites went down. Downtime, of course, means money lost. A sustained attack can cripple sites indefinitely.
A group called Izz al-Din al-Qassam Cyber Fighters has claimed responsibility for the attacks, stating it’s a response to the YouTube movie “Innocence of Muhammad,” which negatively depicts the Islamic prophet.
Defense against such an attack might look bleak, what with the nation’s largest (and we would hope most secure) financial services effectively beaten. But there are a few preventative measures that can help secure your business.
• Recognize that DDoS could happen to your business.
• Review your current incident response plan. Does it include DDoS scenarios?
• Know what questions to ask: What’s the capacity and resistance of your gates to the Internet?
• Conduct annual cyber incident response tests. It’s important to test strategy and technical preparedness in case a real DDoS hurricane blows at your door.
• Contact your ISP and find out what measures they have in place to guard against DDoS.
• Review legal, contractual and insurance obligations related to business availability. Include third-party contractors if they have direct links to your network.
Ensuring that you have a game plan before the attack is the only hope you have against one.
Ondrej Krehel, Chief Information Security Officer,
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.