Banks' Leadership in DDoS FightAs Targets Shift, Banks Must Assist Other Sectors
As we mark the one-year anniversary this week of the first announcement of DDoS attacks waged by Izz ad-Din al-Qassam Cyber Fighters against U.S. banks, it's time to call attention to the need for banks to take a leadership role in helping other sectors fend off attacks (see Lessons Learned From Bank DDoS Attacks).
U.S. banking institutions must take the lead in the defense of our nation's critical infrastructure by sharing cyberthreat intelligence with other industries as well as lessons learned about effective defenses.
If other industries don't take these attacks seriously, they will be caught off-guard.
Because of their experience in successfully fighting off distributed-denial-of-service attacks, financial institutions are on the leading edge when it comes to cyberthreat defenses and intelligence sharing via cross-industry collaboration.
In the years leading up to al-Qassam's attacks, many banks were largely complacent about ongoing DDoS threats. Other sectors must guard against this same attitude.
Now that the group's attacks against U.S. banking institutions have waned, other sectors need to be on the alert for the attacks to shift in their direction. Copycats, intent on using DDoS as a cover for fraud or for stealing intellectual property, also could be waiting in the wings.
That's why it's so urgent for banking institutions to share the DDoS intelligence they've gathered with other sectors, in addition to what they share with groups like the Financial Services Information Sharing and Analysis Center and law enforcement agencies, including the Federal Bureau of Investigation and the Secret Service, as well as governmental agencies.
The FS-ISAC has done a good job of encouraging intelligence sharing about DDoS attacks striking banks. But now, it's critical for this same collaboration to take place with other Information Sharing and Analysis Centers in other sectors to ensure all critical infrastructure sectors are protected.
Avi Rembaum of security systems provider Check Point Software Technologies, says the financial services industry, and the vendors that serve it, are prepared to help other sectors, such as government, the media, energy, transportation, healthcare, prepare for DDoS attacks.
"We are trying to become much better at leveraging intelligence," Rembaum says.
It's not just about defending the banks anymore. It's about protecting all components of the nation's critical infrastructure.
Experts have for months stressed concerns about attackers' shifting DDoS targets. al-Qassam's most recent strikes against U.S. banks and credit unions have been ineffective. The group's so-called Phase 4, which kicked off in July, has been unsuccessful - at least so far - at causing significant disruptions of any banking institution.
Still, al-Qassam continues to feed its botnet, known as Brobot, and experts speculate the only reason for this continued growth is a shift of targets. Why would this group keep striking banks when their attacks are having no impact?
"Attackers are looking for a successful angle," says Dan Holden of DDoS-mitigation provider Arbor Networks. "Some industries are concerned about these attacks shifting and hitting them, but not all are. Those who have not been hit before are not really taking the threat as seriously as others, and they're definitely not taking it as seriously as banking."
But if other industries don't take these attacks seriously, they will be caught off-guard. And banks can help by sharing their cyberintelligence (see DDoS: The Need for Updated Defenses).
DDoS: A Lingering Threat
Although Sept. 18 marks the one-year anniversary of al-Qassam's first Pastebin announcement about attacks against the U.S. financial services industry, banks had for years been suffering online outages from DDoS without paying much attention or taking much defensive action (see Alert: Banks at High Risk of Attack).
Granted, the DDoS attacks they suffered before al-Qassam were much smaller in magnitude and force. Nevertheless, sites were being taken down by DDoS attacks, sometimes without banks even knowing it.
Before al-Qassam's strikes, banking institutions often falsely attributed DDoS outages to technical glitches. They didn't have the detection capabilities they have today. And if banks were suffering from this lack of knowledge, it's fair to assume other industries were suffering, and perhaps continue to suffer, from the same narrow perspective.
Today, however, banking institutions appreciate the far-reaching and long-lasting impact these attacks have. Soon, other industries will appreciate this as well.