Financial institutions have always been the targets of criminals, forcing them to implement complex and sophisticated security measures against attacks.
The digital frontier has only provided new fertile ground for increasingly creative cyber criminals, forcing banks to evolve their own counter-strategies and continually increase vigilance against hackers, thieves and cyberterrorism. There are ways to counter the threat; read on for ways financial services organizations can develop a strong protective strategy.
The dawn of DDoS
The online world got its first wakeup call in 2000, when a 15-year-old hacker known as Mafiaboy brought down E*Trade, Amazon, CNN, Dell, eBay and Yahoo! by launching the first Distributed Denial of Service (DDoS) attack. DDoS attacks attempt to overwhelm the targeted systems by hammering them with traffic from multiple sources, typically networks of compromised machines known as botnets, and they’re being used against banks at an alarming rate. Cyber criminals might hack target bank systems and financial services hosting providers and subsequently demand ransom (Ransom Denial of Service or RDoS) for the release of the network, or to prevent the release of sensitive data stolen during the attack.
A growing threat
The advancement of the Internet of Things has also helped increase the potential for attacks. In late 2016 an incredibly aggressive series of DDoS attacks impacted much of the U.S. East Coast, taking down a number of high-profile websites, including Reddit, The New York Times, Spotify and Wired. These attacks were caused by Mirai, a powerful bit of malware capable of hijacking internet-connected consumer devices such as webcams, internet routers and other smart devices, to create a massive botnet.
The Mirai source code was later published online, making it possible for just about anyone to initiate a powerful DDoS attack, regardless of their level of technical expertise. ISPs and well-informed consumers have taken precautions to help prevent and mitigate these botnet attacks, but an estimated 11 billion internet-connected devices are now online, with the potential to be recruited into a botnet and used for a DDoS or RDoS attack.
The motivation behind an attack can range from simply creating a nuisance for the target or helping the attacker gain notoriety, to censorship and corporate sabotage, but the main driving force is often financial. The potential for monetary gain resulting from these coordinated attacks means that financial services markets and cryptocurrencies will continue to be a primary focus for criminals.
As the frequency, complexity and duration of DDoS attacks have increased, so have the costs associated with recovery. A DDoS attack can cost more than $120,000 for small and medium-sized businesses, and over $2 million for enterprises. Businesses can’t afford to ignore the risk and must be prepared for possible attacks.
Financial services companies in particular need security teams who can develop proactive strategies to ensure business resiliency and to protect sensitive customer data and their reputations. It’s vital that your internal IT teams and external service providers collaborate to develop action plans with detailed strategies for identification, mitigation and attack response.
Creating these playbooks ahead of time ensures quick diagnosis and response to possible attacks, limiting the potential damage.
Developing your DDoS/RDoS strategy
Your DDoS/RDoS strategy requires a few key components to be effective.
- What do your network and application performance patterns look like today? Monitoring your systems and benchmarking your results will ensure that you know which spikes and valleys are normal, and which require a closer look. Work with your service providers to confirm that all external services and applications are equally well monitored and documented.
- Educate your teams on the types of DDoS attacks and implement security systems designed to identify, respond to and mitigate issues automatically. Make sure you have the contact numbers, support information and contracts documented for your DDoS response team. Having this information easily available can buy your team crucial seconds as they respond to attacks.
- Harden and scale your network. The more bandwidth you have, the better off you’ll be when your systems are attacked. However, over-provisioning can be a massively expensive strategy and should not be relied upon to give you more than a few seconds of additional response time.
- Consider including a DDoS mitigation specialist team for on-call scrubbing and resolution of massive attacks, and work with a hosting or managed services provider that provides DDoS protection for your critical business systems.
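The benchmarking step in the first item above, as an added example that is not part of the original article or any Rackspace tooling: it builds a per-hour-of-day baseline from past requests-per-minute samples using median and MAD, then reports only sustained spikes and valleys. All sample data, thresholds and function names are constructed for illustration.

```python
from statistics import median

MAD_SCALE = 1.4826  # scales MAD to be comparable with a standard deviation

# Constructed history: requests per minute seen at 03:00 and 09:00 on prior days.
HISTORY = {3: [90, 110, 95, 105, 100, 98, 102],
           9: [1180, 1220, 1195, 1250, 1210, 1175, 1230]}

# Constructed live feed of (hour_of_day, requests_per_minute), one entry per minute.
OBSERVED = [(3, 101), (3, 1300), (3, 97), (3, 1300), (3, 1450), (3, 1380),
            (9, 1300), (9, 1205), (9, 310), (9, 290), (9, 305), (9, 300)]

def build_baseline(history):
    """Map hour-of-day -> (median, MAD) of the historical samples."""
    baseline = {}
    for hour, samples in history.items():
        med = median(samples)
        baseline[hour] = (med, median(abs(s - med) for s in samples))
    return baseline

def score(baseline, hour, rpm, min_mad=1.0):
    """Robust z-score of one observation against the baseline for its hour."""
    med, mad = baseline[hour]
    return (rpm - med) / (MAD_SCALE * max(mad, min_mad))

def find_incidents(baseline, observations, threshold=6.0, sustain=3):
    """Return (first_idx, last_idx, kind) for each run of at least `sustain`
    consecutive anomalous minutes; kind is 'spike' or 'valley'."""
    incidents, run_start, run_kind = [], None, None
    # A trailing sentinel closes a run that is still open at the end of the feed.
    for i, (hour, rpm) in enumerate(list(observations) + [(None, None)]):
        kind = None
        if hour is not None:
            z = score(baseline, hour, rpm)
            kind = "spike" if z > threshold else "valley" if z < -threshold else None
        if kind != run_kind:
            if run_kind and i - run_start >= sustain:
                incidents.append((run_start, i - 1, run_kind))
            run_start, run_kind = i, kind
    return incidents

BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for first, last, kind in find_incidents(BASELINE, OBSERVED):
        print(f"{kind}: minutes {first}-{last}")
```

In this sample, 1,300 requests per minute is within the normal range at 09:00 but a clear anomaly at 03:00, and the single-minute blip at index 1 is ignored because it does not persist.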
At Rackspace, we understand the value of security and we know how vital it is to keep your sites and systems online and accessible. Our DDoS Mitigation Services have been developed to help minimize the risk of attack with proactive security controls, including comprehensive traffic monitoring and multilayered anomaly detection technologies. And we can provide immediate DDoS attack mitigation to help keep your data secure and your business online during an attack.
We’ve also partnered with Incapsula and Cloudflare to provide DDoS Mitigation Services for your Rackspace-managed applications and sites hosted on AWS, Azure or Google Cloud. These services are all backed by Fanatical Support from our DDoS specialists 24x7x365.