Page 90 - CDM Cyber Warnings February 2014




Funded DDoS Campaigns

Since September 2012, the financial services industry has been the target of a serious, sustained and well-funded attack campaign called Operation Ababil, led by a group calling itself the Cyber Fighters of Izz ad-Din al-Qassam. Many have speculated that Iran is behind these attacks. They very well may be. While the question of who did it can make for great movies, those of us in the security business are focused much more on the question of how they did it.

The attack tactics observed against the banks were a mix of application-layer attacks, volumetric attacks and attacks against the infrastructure itself, often at the same time. These were complex, multi-vector attacks: well thought out, coordinated and executed. The campaign has had multiple waves, with the attackers clearly studying the banks' defenses and adapting. Each wave has grown in sophistication, strength and breadth.

Millions stolen from US banks after 'wire payment switch' targeted

Gartner vice president Avivah Litan said at least three banks were struck in the past few months using "low-powered" distributed denial-of-service (DDoS) attacks meant to divert the attention and resources of the banks away from fraudulent wire transfers occurring at the same time. The losses "added up to millions [lost] across the three banks", she said. "It was a stealth, low-powered DDoS attack, meaning it wasn't something that knocked their website down for hours."

So not only can DDoS be a complex, multi-vector attack that targets bandwidth capacity, applications and infrastructure simultaneously; it is also being used as a diversionary tactic in conjunction with other attacks. Making matters even more challenging, DDoS is no longer a simple flood attack or just a network issue; it is increasingly a feature or additional aspect of the larger threat landscape.

What can be done?

Effective defense against complex threats has two primary requirements: best-practice deployments of effective technology, and processes that work. Easy in concept, these simple ideas can become difficult in practice. If you don't have knowledge of or visibility into what you are protecting and who is communicating with it, you can become blind to any type of attack. To defend networks from today's complex DDoS threat, enterprises need to deploy security in multiple layers, from the perimeter of their network to the cloud, and ensure that on-premise equipment can work in harmony with provider networks for effective and robust attack mitigation. This deployment model not only better protects against DDoS attacks but provides greater visibility to kick off defensive processes.

Network and security teams need to have an incident response process in place, and furthermore, they must practice it. Do you know when to call your provider, or the steps to respond to or escalate mitigation? The time to figure this out is not when you are under attack. Incident response and preparedness, while often seen as things that would be nice to do if you had the time, can have a significant impact on the organization's ability to mitigate the attack. When it comes to network security today, do sweat the small stuff.

The best advice for banks might be to think more like a casino. Casinos have visibility into everything occurring on their property, from the time someone comes on-premise to the time they leave. They deploy various layers of physical and virtual security to mitigate threats. They look for anomalies and patterns; they share information with their peers at other casinos about threat actors, targets and techniques. They are constantly gathering and sharing intelligence. They are in a continual process of watching, learning and adapting.

Dan Holden,
Director of security research for Arbor Networks Security Engineering & Response Team (ASERT)

Dan Holden is the Director of ASERT, Arbor's Security Engineering and Response Team, where he leads one of the most well-respected security research organizations in the industry. His teams oversee the ATLAS global security intelligence database, and are responsible for threat landscape monitoring and Internet security research, including the reverse engineering of malicious code. Dan also oversees the development and delivery of security content and countermeasures for Arbor's industry-leading DDoS technologies via the ATLAS Threat Feed (ATF) and the ATLAS Intelligence Feed (AIF) threat detection services.

CYBER DEFENSE MAGAZINE - ANNUAL EDITION 90