Serious Attackers Paired With Online Mob In Bank Attacks

The denial-of-service attacks chalked up to crowdsourced hacktivism had little impact, except to camouflage much more effective packet floods using compromised content-management servers
By co-opting content-management servers, usually hosted systems with large-bandwidth connections to the Internet, the attackers were able to use fewer systems to level a larger volume of bandwidth at the victims. In addition, businesses will likely not shut down the servers very quickly, even in the face of abuse complaints, Neustar's Joffe says.

"If someone said your core enterprise publishing server is being used in an attack, [the security team] would have to get management permission to shut down the server because it would have a business effect," he says. "I can't say the attackers thought it through that way. It could be pure luck, but on the other hand, a good defender would not ascribe it just to pure luck."

The attacks also appeared to penetrate the DoS defenses that most financial institutions have in place as a matter of policy, says Paul Lawrence, vice president of international operations at Corero Network Security.

"Today's DDoS attacks are carried out by a new breed of highly capable cyber criminals who quickly switch to different attack sources as each new attempt is thwarted," Lawrence said in a statement.

The size and skill used in the attacks have government officials worried, as well. U.S. responders have reportedly had a number of closed door meetings, while the European Network and Information Security Agency has put DDoS attacks front-and-center in its Cyber Europe 2012 incident response exercise that took place on Thursday.

"The scenario for Cyber Europe 2012 combines several technically realistic threats into one simultaneously escalating Distributed Denial of Service (DDoS) attack on online services in all participating countries," ENISA stated. "This kind of scenario would disrupt services for millions of citizens across Europe."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.