Banks should brace for massive DDoS attacks this year, warns Ovum


Banks will face increasing massive-scale DDoS attacks from hacktivists this year, in addition to the smaller scale DDoS attacks used by cybercriminals to distract IT teams from detecting theft, predicts market research firm Ovum.

"DDoS attacks have undergone significant evolution over the past year. On the one hand they have grown larger, even while their average individual duration has actually decreased," observed Rik Turner, senior analyst for financial services technology at Ovum.

"Attacks the size of those mounted in Operation Ababil are still the outliers rather than the norm," Turner added.

Operation Ababil involved a series of coordinated DDoS attacks against U.S. banks carried out in the fall of 2012. Bank of America, JPMorgan Chase, Wells Fargo and PNC Bank were the primary targets of the attacks, which disrupted service to their online banking portals.

Cyber threat information sharing carried out by the Financial Services Information Sharing and Analysis Center helped thwart the campaign, which was carried out by a group calling itself Izz ad-Din al-Qassam Cyber Fighters.

Turner noted that banks will continue to face more targeted DDoS attacks, particularly those from cybercriminals intent on stealing money: "We have seen a trend of DDoS attacks being blended into other activities in order to throw banks off the trail of more financially motivated exploits. By employing a DDoS alongside an account hacking attack, the criminals hope to enjoy more time to transfer funds and remove traces of their activities."

Turner recommends that banks consider cloud-based security products to help them deal with large-scale DDoS attacks and filtering to help with more targeted attacks.

For more:
- check out Turner's analysis

Related Articles:
FS-ISAC threat information sharing helped thwart DDoS attacks against US banks
What next year may hold for banks' cyber security
DDoS blitzkrieg hits financial firms