DDoS Campaign Requires New Thinking

April 22, 2013

Last week the al-Qassam Cyber-Fighters (AQCF) said on PasteBin that they were going to start the 55th day of their distributed denial of service (DDoS) campaign against large U.S.-based banks, Operation Ababil.  One of my co-workers outlined his reading of the situation: “each week they step up to bat, point to their target in the far reaches of the high outfield bleachers, and then knock the next pitch into the stands, exactly where they intended.”  They have been able to consistently direct what were, until recently, unthinkable volumes of attack traffic at their targets.  Bank website outages may be double or more what they were a year ago.  Some organizations are having a tougher time than others.  Threat intelligence sharing has not proven to be a great help in repelling these ongoing attacks.

These DDoS successes demonstrate the power of AQCF techniques.  Other cyber-crime organizations will learn from this approach and build out their own capabilities to support whatever business model fits their needs.  As a result, financial services need to re-think how we architect, deploy, and operate our Internet-enabled operations.

Widely distributed content delivery network resources, a broader array of cloud-enabled services, and agile real-time system migration operational processes, backed up by multiple layers of network and application layer security defenses, seem like the right places to start.  But it seems like that approach may only buy time.  This is a serious business challenge.  In the presence of an attacker who consistently delivers exactly what they announce, business as usual seems risk-inappropriate.  Invest your best and brightest, your most disruptive as well as your most mature human resources in this one.  Some financial services targets may choose to bank on hope — that DDoS will just “go away” or that someone else will invent DDoS-prevention services that turn out to be both cheap and easy.  Some may also lose this battle.

What do you think?

RESOURCES:

al-Qassam Cyber-Fighters on PasteBin: http://pastebin.com/u/QassamCyberFighters

Operation Ababil Phase 3 week 7: http://pastebin.com/vvGSAGCv

Bank Website Attacks Reach New High – 249 Hours Offline in Past Six Weeks: http://redtape.nbcnews.com/_news/2013/04/03/17575854-bank-website-attacks-reach-new-high-249-hours-offline-in-past-six-weeks