Payment processing firms could be the next target for
criminals who threaten distributed denial of service attacks on
businesses to extort money from them, experts have
warned.
According to research by the Honeynet Project, a non-profit
internet security organisation, between November and January, there
were 260 distributed denial of service attacks against 99 specific
targets. In some instances, a network of up to 50,000 compromised
PCs was used to launch the attacks.
"We have seen various motives behind internet attacks - some
political, some protests, but extortion is the most serious and has
been on the increase over time. The only question the extortionist
will ask is: will they pay?" said Kevin Regan, security consultant
at Cisco Systems, which has developed a distributed denial of
service mitigation system.
One company that faced extortion threats is online payments company
Nochex. The company managed to avoid paying the blackmailers by
using Cisco's Guard distributed denial of service mitigation server
appliance, implemented at service provider Pipex.
Asif Malik, technical director at Nochex, said the firm's website
was brought down at the end of last year, and it received an e-mail
demanding $10,000 (£5,500) to prevent further attacks.
But rather than concede, Nochex chose to move to the Cisco Guard
service, then called Riverhead, which protected the company's
network from further attacks until the extortionists gave up.
"Companies need to stand up to these people - there are fixes
available," said Malik.
The distributed denial of service mitigation system was able to
ensure that hostile traffic directed towards Nochex was intercepted
and "cleaned up".
"Pipex used technology that would allow the attack traffic to be
cleaned effectively, which could be used by a service provider or
even an enterprise, and the problem is probably best dealt with
upstream," said Regan.
Energis and Cable & Wireless are among the other service
providers that offer distributed denial of service mitigation. Top
Layer Networks offers mitigation services to ISPs with Top Layer
Attack Mitigator IPS 5500-50.
Establishing the layers of defence
- Network providers such as Cisco have built technology into
routers to monitor traffic and spot distributed denial of service
attacks.
- Service providers can see when a distributed denial of service
attack is under way, through increased network traffic and server
loads.
- Highly resilient, scalable networking and server equipment in
the datacentre can help mitigate a distributed denial of
service attack.
- If the attack takes place in the network's "last mile",
distributed denial of service guard technology can divert traffic
and filter out the attack.