DDoS attack: Threat of the month

The largest-scale internet attacks enlist thousands or tens of thousands of previously hacked computers to simultaneously attack and overwhelm the websites and e-commerce services of selected victims.

Whilst there is often media coverage of the victim organisations affected, and sometimes discussion of the attackers' motivation, the owners of the computers that are participating in the attacks and facilitating online crime are rarely aware of it.

Take a recent example from one of our clients. A server belonging to one of our customers in London's financial services industry was observed participating in Distributed Denial of Service (DDoS) attacks against a range of websites, as well as being involved in suspected criminal financial deals.

The server was observed making huge numbers of connections over a period of a few hours to a variety of foreign websites dedicated to online gaming. This was unusual compared to its normal everyday activities, which raised a warning alert. After further research, we discovered that the customer’s server had been indiscriminately hijacked by a hacking group from South-East Asia and was being used in a large-scale DDoS attack against a range of target websites.
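The baseline check described above, as an added example that is not code from Darktrace or the original post: it buckets outbound connections per hour from a constructed log, takes the busiest baseline hour as "normal", and flags any later hour that exceeds it by a factor, listing destinations the host had never contacted before. The host names, log format and threshold are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample log, one outbound connection per line:
#   "<ISO timestamp> <source host> -> <destination host>:<port>"
# Hours 08-10 are normal activity; hour 11 is a burst to an unseen destination.
SAMPLE_LOG = "\n".join(
    [f"2024-01-10T{h:02d}:{m:02d}:00 fin-srv01 -> mail.example.com:443"
     for h in (8, 9, 10) for m in (5, 25, 45)]
    + [f"2024-01-10T{h:02d}:10:30 fin-srv01 -> update.example.net:443"
       for h in (8, 9)]
    + [f"2024-01-10T11:{i // 60:02d}:{i % 60:02d} fin-srv01 -> game-portal.example:80"
       for i in range(200)]
)

def parse_log(text):
    """Yield (hour bucket, source host, destination host) for each line."""
    for line in text.splitlines():
        ts, src, _, dst = line.split()
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        yield hour, src, dst.rpartition(":")[0]

def hourly_profile(records):
    """source -> {hour: Counter(destination host -> connections)}."""
    profile = defaultdict(lambda: defaultdict(Counter))
    for hour, src, host in records:
        profile[src][hour][host] += 1
    return profile

def find_anomalies(records, baseline_hours, factor=10):
    """Flag hours whose outbound count exceeds `factor` x the busiest
    baseline hour, listing destinations never seen in the baseline."""
    alerts = []
    for src, hours in hourly_profile(records).items():
        base = [c for h, c in hours.items() if h in baseline_hours]
        if not base:
            continue  # no baseline for this host, nothing to compare against
        peak = max(sum(c.values()) for c in base)
        known = {host for c in base for host in c}
        for hour, counter in sorted(hours.items()):
            total = sum(counter.values())
            if hour not in baseline_hours and total > factor * peak:
                alerts.append({"source": src, "hour": hour.isoformat(),
                               "connections": total, "baseline_peak": peak,
                               "new_destinations": sorted(set(counter) - known)})
    return alerts

def demo():
    baseline = {datetime(2024, 1, 10, h) for h in (8, 9, 10)}
    return find_anomalies(parse_log(SAMPLE_LOG), baseline)
```

`demo()` returns the alert list for the constructed log; on real data the baseline would be built from a longer window than three hours.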

After discovering that one of the websites that was being attacked had previously been taken over by a hacking group, we were also able to attribute the DDoS attack to a rival hacking organisation using the hijacked customer’s server as a tool to take revenge on the first group.

Following this attack, the same customer's server was subsequently observed connecting to a website that facilitated criminal financial activity, indicating that the attackers were still in control of the server and were using it to carry out clandestine financial operations.

Often, transactions of this type involve money laundering and payment for carrying out online criminal activity such as targeted attacks against both criminal and legitimate targets. The attackers had bypassed all of the customer's traditional security defences and monitoring, so having the right kind of software in place was what allowed the customer to prevent further use of the server to attack others.

This is just one example of how an organisation can be vulnerable to such attacks. Only if the right systems and software are in place can organisations keep up with the potential attacks they face on a daily basis.

Dave Palmer, Director of Technology at Darktrace

Image source: Shutterstock/Profit_Image