InfoSec 2013: British Banks Threatened By DDoS Boom

US bank attackers have turned their attention to Europe, and UK financial institutions have been told to prepare

British banks are preparing for a massive distributed denial of service (DDoS) onslaught, as the same group that hit US banks shifts some of its attention to European organisations.

Operation Ababil, which is being led by a group of attackers calling themselves the Izz ad-Din al-Qassam Cyber Fighters, pummelled US banks this year and last, taking their customer-facing services offline.

Bank of America and Wells Fargo took particularly nasty hits, with application layer attacks and other DDoS strikes measuring up to 70Gbps leaving online accounts inaccessible for many.

The hacking group, which claims it is taking action over the appearance of a controversial video entitled “The Innocence of Muslims”, has now turned its attention to European organisations, according to a number of security experts. Some believe the group are nation state-funded, with Iran cited as the most likely sponsor.

DDoS strikes banks

A handful of major European banks have been disrupted by DDoS attacks in recent months, including HSBC and ING, which warned on its Dutch site earlier this month that its customer-facing systems had been hit. US banks continue to be disrupted, after a fresh campaign was kicked off earlier this year.

TechWeekEurope understands HSBC was targeted by Operation Ababil, but it is unclear whether ING was hit by the group.

Dell SecureWorks is investigating the technical side of the campaign, working with law enforcement, and Don Smith, technology director at the security firm, said there were “segments of the market that are very concerned about the impact of DDoS”.


Smith warned DDoS could be conducted on a large scale with “relative ease”, saying DDoS was becoming a risk not just to the Internet economy, but to the general economy too. “It’s not good.”

At the same time, DDoS attacks are getting ever more frightening. Figures from Arbor Networks, taken from over 250 global ISPs and Arbor’s customers, showed this year had already seen a large number of super-powered attacks. The number of attacks over 20Gbps is already almost equal to the figure for the whole of 2012.

Of the attacks Arbor was able to trace, 17 percent came from China, making it the number one source of DDoS strikes, compared to 15 percent in the US.

Akamai reported in its State of the Internet report the number of DDoS attacks has grown by more than 200 percent year-over-year, as its customers reported 768 DDoS attacks in 2012. The commerce industry was the number one target.

It is believed a new DDoS record was set last month, when attacks aimed at taking anti-spam group Spamhaus offline saw a 309Gbps attack on a Tier 1 network provider.

UK banks are certainly concerned about the threat of DDoS. Joerg Weber, head of global attack monitoring at Barclays, told TechWeekEurope DDoS was something that had very high visibility at both the board and technical levels.

But it is not the sheer scale of attacks that scares Weber. In fact, massive DDoS strikes are easier to detect and therefore mitigate, he explained.

“If you throw someone 300Gbps it is easy to fingerprint, but if you throw 50Gbps it is a lot more difficult to fingerprint and block,” he added.

“The figures in themselves I’m not that bothered about – it’s more what type of attack is it, what does it consist of and how does it fit our mitigation strategy.”

According to Arbor’s director of research Dan Holden, Operation Ababil’s attacks have focused on the application layer, targeting pieces of the banks’ websites rather than throwing epic amounts of traffic at ports. And that’s what European firms should really watch out for.
