
Denial of service attacks often hide more sinister intent

Knowledge of attack signatures helps security teams identify the real threat

Often, when a bank encounters a distributed denial of service attack, the criminals’ real objective is to use it as a distraction while they attempt to actually break into customer accounts. Lately, a specific tool for this tactic—called the Drive DDoS toolkit—has been identified.

Prolexic recently shared attack signatures and details that help detect and stop DDoS attacks from the Drive DDoS toolkit.

DDoS attacks from the Drive DDoS toolkit and other variants of the Dirt Jumper toolkit can sidetrack IT security personnel while criminals attempt to transfer funds out of bank accounts, gather passwords for later use, or place unauthorized orders. Because attacks from this criminal DDoS toolkit are associated with identity theft, recognizing the Drive toolkit as the source of a DDoS attack can lead financial institutions, banking, insurance, investment firms, brokerages or ecommerce firms to suspect and investigate possible fraudulent access of customer accounts that may have occurred during the attack.

“During the confusion of a DDoS attack, malicious actors can break into the financial and ecommerce accounts of customers without being noticed,” says Stuart Scholly, president at Prolexic. “IT departments are typically so focused on the damage caused by the DDoS attack that they don’t realize it may merely be a planned distraction while criminals loot customer accounts.”

The Drive toolkit, which is being leaked in underground hacking forums, has been the source of multiple recent DDoS attacks observed by the Prolexic Security Engineering and Response Team (PLXsert). The tool is a newer variant of the Dirt Jumper family of DDoS toolkits, one of the most popular denial of service attack tools in use today.

“In recent weeks, Prolexic has detected, stopped, and mitigated DDoS attacks launched against our clients from the Drive DDoS toolkit,” says Scholly. “Although these attacks are cousins to the Dirt Jumper DDoS toolkit, they have new signatures and communication patterns. In all cases, Prolexic mitigated attacks from the new toolkit in minutes, as promised in our service level agreement.”

Six types of DDoS attacks are built into the Drive toolkit, allowing attackers to launch a variety of DDoS attacks. The tool features GET floods, POST floods, POST2 floods, IP floods, and IP2 floods directed at the application layer, as well as UDP floods, which target network infrastructure. Encryption allows malicious actors to hide their identities.

“Companies often don’t realize they are under attack from the Drive toolkit, because application attacks increase server utilization without excessive network traffic,” Scholly says. “The information in the threat advisory can help detect these attacks quickly.”
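The point Scholly makes above, that application-layer floods raise server load without much network traffic, is something a security team can check for in its own web server logs. The following is an added illustration, not code from the article or from Prolexic's advisory: it reads combined-format access log lines, and flags any source that sends many requests per second while moving very few bytes per request. The log lines, IP addresses, and the two thresholds are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the Prolexic advisory). One client fetches a
# single large file; another sends 120 small POST requests within ten seconds,
# which is the low-bandwidth, high-request pattern of an application-layer flood.
SAMPLE_LOG = (
    '203.0.113.10 - - [01/Aug/2013:12:00:00 +0000] "GET /report.pdf HTTP/1.1" 200 5242880\n'
    + "".join(
        f'10.0.0.5 - - [01/Aug/2013:12:00:0{i % 10} +0000] "POST /login HTTP/1.1" 200 312\n'
        for i in range(120)
    )
)

# Apache/nginx combined log format: client, ident, user, [timestamp], "request", status, bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)$'
)


def flood_suspects(log_text, min_rps=10.0, max_avg_bytes=1024):
    """Return {ip: stats} for sources whose request rate is high but whose
    average response size is small, i.e. load without bandwidth."""
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "seconds": set()})
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[m["ip"]]
        s["requests"] += 1
        s["bytes"] += int(m["bytes"]) if m["bytes"] != "-" else 0
        s["seconds"].add(m["ts"])  # timestamp has one-second resolution

    suspects = {}
    for ip, s in stats.items():
        rps = s["requests"] / len(s["seconds"])   # requests per active second
        avg_bytes = s["bytes"] / s["requests"]    # response size per request
        if rps >= min_rps and avg_bytes <= max_avg_bytes:
            suspects[ip] = {"requests": s["requests"], "rps": rps, "avg_bytes": avg_bytes}
    return suspects


if __name__ == "__main__":
    for ip, info in flood_suspects(SAMPLE_LOG).items():
        print(f"{ip}: {info['requests']} requests, {info['rps']:.1f} req/s, "
              f"{info['avg_bytes']:.0f} bytes/request")
```

The thresholds are starting points; a site should tune them against its own baseline traffic so that legitimate bursts (API clients, crawlers) are not flagged.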

An analysis of the Drive threat, including screenshots, launch commands, sample payloads and identifying signatures to enable DDoS mitigation techniques, is available free of charge in Prolexic’s Drive DDoS Threat Advisory at http://www.prolexic.com/drive-ddos.


John Ginovsky

John Ginovsky is a contributing editor of Banking Exchange and editor of the publication’s Tech Exchange e-newsletter. For more than two decades he’s written about the commercial banking industry, specializing in its technological side and how it relates to the actual business of banking. In addition to his weekly blogs—"Making Sense of It All"—he contributes fresh, original stories to each Tech Exchange issue based on personal interviews or exclusive contributed pieces. He previously was senior editor for Community Banker magazine (which merged into ABA Banking Journal) and for ABA Banking Journal and was managing editor and staff reporter for ABA’s Bankers News. Email him at jginovsky@sbpub.com.
