Articles Marketmedia

Threats of Cyber Attack Mount

Written by Terry Flanagan | Oct 11, 2013 6:08:37 PM

When the Syrian Electronic Army hacked the Twitter account of the Associated Press and sent out a fake tweet about an explosion at the White House that injured President Obama, causing the markets to drop sharply, the incident underscored the vulnerabilities of a financial system that depends on servers and networks.

“There are many varieties of DDoS [Distributed Denial of Service] attacks, but they are net –based and designed to disrupt web apps,” said Chris Richter, vice president of security products and services at data center provider Savvis. “These attacks use thousands of internet-connected computers that are distributed and are all directed to attack a given website all at once. The result is that an unprotected website could be crippled so its response time is agonizingly slow or taken out completely.”

These armies of computers are called botnets, made up of individual computers that have been infected with malware that allows attacker to take control. Attackers build Command and Control Centers (C&Cs), which is another layer of compromised computers, typically infected servers that are used to communicate their orders to fleet of bots computers.

“The attackers are becoming more sophisticated and attacks are becoming more complex,” Richter said.

The traditional botnet consisted of compromised desktop computers, but there’s a growing trend toward constructing botnets out of web servers located in hosting facilities with huge amounts of bandwidth at their disposal form systems that have been compromised.

“These servers are capable of mounting much larger attacks with a relatively small number of bots,” Richter said.

SEC chairman Mary Jo White outlined the importance of making the financial system more robust, so that it can withstand attacks and get back to functioning more quickly following an outage.

Mary Jo White, SEC

“The shutdown of the Nasdaq consolidated data processor confirmed that we cannot wait for, nor rely solely on, this proposed regulation [Regulation SCI] to address especially single points of failure where a disruption can have an impact across the entire national market system,” White said in a speech earlier this month.

White with executives of the exchanges last month and challenged them to together develop and implement the necessary steps to improve the resilience of the technology surrounding critical market infrastructures.

“We expect to receive comprehensive action plans that address the standards necessary to establish highly resilient and robust systems for securities information processors,” White said. “I have also asked the SEC staff to engage the exchanges, clearing agencies, and Finra to conduct a “mapping” of other critical infrastructure systems and provide assessments of their robustness and resilience.”

Attackers can purchase development kits with which they can build their own botnets for as little as $700 and botnet rentals can be bought for as little as $50. These tools are equipped with GUIs and intuitive control panels that make it easy for novices to execute fairly sophisticated attacks.

“There’s a lot of money to be made in cybercrime,” said Richter. “There’s a sophisticated and mature industry that is assisting the support and growth of DDos attacks and cybercrime as a business.”

Disrupting or disabling a target’s website is not always the primary objective. “We are seeing a growing number of attacks that comprise both DDoS and application layer attacks,” Richter said.

These attacks are designed to distract a company with a volumetric DDoS attack that diverts the target’s attention, while the attacker compromises the customer’s vulnerable web apps with malware.

“There are well-publicized examples of blended attacks, which can have disastrous impact on companies, which can suffer hundreds of millions of dollars in data and intellectual property loss, even the livelihoods of individuals employed by the targeted company,” said Richter. “The effects of attacks can be far more devastating than just dealing with the DDoS outages.”