Some Server Somewhere Got Attacked, So What? Why the last major DDoS attack should catch our attention.

By: (Security +)

Publication: The Community Banker, Winter 2016

“DDoS attack that disrupted internet was largest of its kind in history, experts say,” was the headline from The Guardian on October 26th, 2016. What followed explained how this attack brought down some servers that provided online gaming and streaming video services. As a banker who may have read a similar article, you may have thought to yourself, “So some kid couldn’t play his video game, so what?” It is hard to envision how something like a DDoS (Distributed Denial of Service) attack can affect the banking industry, but it can. First, it is important to understand what a DDoS attack is and then how it relates to information security in the financial industry.

As parents, we cherish our children. They are the lights of our lives. Every once in a while, however, they will wear us out. Imagine trying to talk on the phone to your boss while your child is asking you questions at the same time. It is very frustrating, and you finally get to the point where you melt down. That, in its simplest form, is how to describe a DDoS attack. Any time a computer connects to a website, it sends a “hello” message to the server hosting the website. The server, in response, says “hello” back. In a DDoS attack, the server receives a hello message from tens of millions of devices at once, becomes overwhelmed, and shuts down. The next logical question to be asked is, “How is the attacker able to send tens of millions of hello requests?” Malicious software called a ‘bot’ is installed on a number of devices, and each bot is designed to listen for the attack command.

It is important to note that it is not just laptops and desktops that are infected with these bots. Other internet connected devices, such as webcams, smart thermostats and any other device that connects to the internet, are susceptible. A whole collection of these infected devices is called a botnet. Bots are installed on a device in a number of different ways:

  • Surfing to a legitimate website that may install software in the background
  • Unpatched devices that have existing vulnerabilities
  • Malicious software installed from a phishing email
  • Ineffective firewall and routing rules

No one wants to find out they helped contribute to one of these attacks, so what needs to be done to help mitigate these threats? You will find that following some basic guidelines will significantly reduce the threat posed by these botnets. Some of the basic recommendations include:

  1. Practice safe web surfing techniques
  2. Provide a strong internet content filter
  3. Patch all devices with the latest updates from the manufacturer. This does not just include desktops and laptops, but any internet connected device.
  4. Do not click on links in emails or open downloads unless you know what they are.
  5. Make sure your firewall and routing rules are effective against bots

 

In conclusion, poor awareness has led to many of the internet connected devices we use every day being used to attack major servers without us ever knowing about it. The good news is that by employing basic security techniques, we can mitigate these threats and hopefully bring these attacks to a grinding halt.

 

Dr. Jerrod Pickering, Security +, is a Security and Compliance Consultant for CoNetrix. CoNetrix is a provider of information security consulting, IT/GLBA audits, security testing, and tandem – a security and compliance software suite designed to help financial institutions create and maintain their Information Security Program. To learn more about CoNetrix and their new tandem Phishing tool, visit www.CoNetrix.com.