La Luna
Fly With The Angels My Beloved Son Chris
Premium Member
join:2001-07-12
New Port Richey, FL

1 recommendation

La Luna to Link Logger

Re: In Cyberattacks on Banks, Evidence of a New Weapon

said by Link Logger:

Not even close to being a state-sponsored attack, just a run of the mill DDOS attack by hacker group with an agenda, not like there aren't a ton of those about.

Blake

A group claiming Middle Eastern ties, the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks online. They claimed to have taken the Web sites down using basic online applications. But security researchers said those methods were far too amateur to have been effective.

Indeed, representatives for PNC, U.S. Bank and Wells Fargo all said that while they had systems in place to fend off such “denial of service,” or DDoS attacks in which hackers bombard a site with traffic until it falls offline;....


Apparently, the banks say they could defend against a simple DDoS attack, but this was something more. That's what I get out of it anyway.

Link Logger
MVM
join:2001-03-29
Calgary, AB

The deal is more bots, and more bots with fatter pipes equals better DDOS attack, so the first issue here isn't that they attacked and dropped banks, the first issue is this bot crew was able to compromise and add to their bot army sites with bigger pipes, which tends to indicate their initial attacks have gotten better as they are owning more commercial/active sites. Toss in some aspects around smarter proxy usage and bingo, better and more difficult to stop DDOS attacks.

Years ago you would dream of owning a University because they had nice fat juicy pipes, but now just about every Tom, Dick and Jane has an ample pipe connecting them from home such that even if nothing else changed (i.e. number of systems involved etc.), DDOS attacks will only ever get bigger.

It would be very entertaining to track back the systems involved in the attack and see how many are in China for example (only implying that systems are easier to own in China than elsewhere and not that this is a Chinese state-sponsored attack).

Blake

KodiacZiller
Premium Member
join:2008-09-04
73368

said by Link Logger:

The deal is more bots, and more bots with fatter pipes equals better DDOS attack, so the first issue here isn't that they attacked and dropped banks, the first issue is this bot crew was able to compromise and add to their bot army sites with bigger pipes, which tends to indicate their initial attacks have gotten better as they are owning more commercial/active sites. Toss in some aspects around smarter proxy usage and bingo, better and more difficult to stop DDOS attacks.

Yeah, since many of these higher end servers are running Linux or another Unix variant, sometimes the admins get complacent with security. The truth is, you don't need root access to utilize the box for a DDOS. All you need to do is compromise the server software (Apache) or some other unprivileged process. From there you just put your bot code in userspace and you're good to go.

This is why I think MAC systems should be mandatory on a server, especially a high value server. If you are a Linux server admin and aren't running SELinux or AppArmor you're stupid. These days it is not about getting root, thus you have to secure userspace too.
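
Added example, not part of the thread: a small shell audit that reports whether a running server process is actually confined by SELinux or AppArmor, which is the check the post above implies an admin should make. The script name, the status words and the label formats handled (SELinux `user:role:type[:level]`, AppArmor `profile (mode)`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: is a server process actually confined by SELinux or AppArmor?
# Label formats assumed: SELinux "user:role:type[:level]", AppArmor "profile (mode)".

# classify_label LABEL [SELINUX_ENFORCING] -> enforced | permissive | unconfined | unknown
classify_label() {
    label=$1
    selinux_enforcing=${2:-0}   # contents of /sys/fs/selinux/enforce; 0 if absent
    case "$label" in
        ''|unconfined)
            echo unconfined ;;                       # no LSM label, or AppArmor unconfined
        *' (enforce)')
            echo enforced ;;                         # AppArmor profile in enforce mode
        *' (complain)')
            echo permissive ;;                       # AppArmor logs violations, blocks nothing
        *:unconfined_t|*:unconfined_t:*|*:unconfined_service_t|*:unconfined_service_t:*)
            echo unconfined ;;                       # SELinux domain with no real restrictions
        *:*:*)
            # A confined SELinux domain only protects when the system is enforcing.
            if [ "$selinux_enforcing" = 1 ]; then echo enforced; else echo permissive; fi ;;
        *)
            echo unknown ;;
    esac
}

# audit_pid PID -> prints "PID STATUS LABEL" for one running process
audit_pid() {
    pid=$1
    # The kernel exposes the current LSM label here; SELinux NUL-terminates it.
    label=$( { tr -d '\0' < "/proc/$pid/attr/current"; } 2>/dev/null || true )
    enforcing=$(cat /sys/fs/selinux/enforce 2>/dev/null || echo 0)
    printf '%s %s %s\n' "$pid" "$(classify_label "$label" "$enforcing")" "${label:-<none>}"
}

# Usage: sh mac_audit.sh apache2   (process name is whatever your web server runs as)
if [ "$#" -gt 0 ]; then
    for pid in $(pgrep -x "$1"); do
        audit_pid "$pid"
    done
fi
```

Any web server worker that reports `unconfined` or `permissive` is running without effective MAC confinement, even if a policy is installed on the host.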