DDoS attacks rock U.S. financial institutions
According to Litan, the shutdown was very similar to the denial of service hacker attacks which have plagued U.S. financial institutions for quite some time. The websites of several of the nation’s largest banks, including Wells Fargo & Co. (NYSE:WFC) and others, have been shut down temporarily due to the hacker attacks. The attacks have happened multiple times on the same big banks.
Cyber Fighters of Izz ad-Din al-Qassam, a hacking group from Iran, has claimed credit for those attacks, although so far no such claim has been made for Thursday’s shutdown of the NASDAQ stock exchange. Litan notes that the NASDAQ would be an attractive target for the group because it is extremely visible. The group’s attacks are generally aimed at making a statement by causing a very public disruption.
NASDAQ outage had strange timing?
Kaspersky Lab senior researcher Roel Schouwenberg told USA Today that the timing of the NASDAQ outage was interesting because it came within 48 hours of a major glitch reported at Goldman Sachs. In that glitch, the firm set wrong pricing limits and selling algorithms which affected contracts for major public companies. The result was options being sold for a song.
According to Schouwenberg, the NASDAQ outage and the Goldman Sachs glitch could both have been the results of hacking attacks. The researcher notes that the motive could either have been political, like with the Cyber Fighters, or financial, like a recent digital heist which emptied numerous accounts of a major bank recently. In that heist, the cyber criminals launched a DDoS attack on the bank to distract its IT crew and then started emptying bank accounts using an employee’s account.
Originally posted on: http://www.valuewalk.com/2013/08/nasdaq-outage-similar-to-ddos-hacker-attack/
Although NASDAQ denies hackers were to blame for Thursday’s shutdown, some security officials believe it could be similar to the type of shutdown that would occur due to a hacker attack.
Although NASDAQ officials say Thursday’s shutdown of the exchange was not the result of a hacker attack, security analysts say it could have been. Byron Acohido of USA Today spoke with Avivah Litan, a banking security analyst with Gartner.
To protect your website, you need to be able to block or absorb malicious traffic. Webmasters can talk to their hosting provider about DDoS attack protection. They can also route incoming traffic through a reputable third-party service that provides distributed caching to help filter out malicious traffic — reducing the strain on existing web servers. Most such services require a paid subscription, but often cost less than scaling up your own server capacity to deal with a DDoS attack..
Through the continued collaboration of the many stakeholders involved in improving the Internet, a number of efforts can help to reduce the threat of DDoS attacks.
For example, ten years ago the Network Working Group of the Internet Engineering Task Force published BCP 38 (also known as RFC 2827) as a best practice guideline for how ISPs and hosting providers can filter fake IP addresses to reduce the impact of DDoS activity on themselves and others. Unfortunately, many ISPs have still yet to implement these best practices, preventing its benefits from being fully realized by the wider internet community.