Payment processing firms could be the next target for criminals who threaten distributed denial of service attacks on businesses to extort money from them, experts have warned.
According to research by the Honeynet Project, a non-profit internet security organisation, between November and January, there were 260 distributed denial of service attacks against 99 specific targets. In some instances, a network of up to 50,000 compromised PCs was used to launch the attacks.
"We have seen various motives behind internet attacks - some political, some protests, but extortion is the most serious and has been on the increase over time. The only question the extortionist will ask is: will they pay?" said Kevin Regan, security consultant at Cisco Systems, which has developed a distributed denial of service mitigation system.
One company that faced extortion threats is online payments company Nochex. The company managed to avoid paying the blackmailers by using Cisco's Guard distributed denial of service mitigation server appliance, implemented at service provider Pipex.
Asif Malik, technical director at Nochex, said the firm's website was brought down at the end of last year, and it received an e-mail demanding $10,000 (£5,500) to prevent further attacks.
But rather than concede, Nochex chose to move to the Cisco Guard service, then called Riverhead, which protected the company's network from further attacks until the extortionists gave up. "Companies need to stand up to these people - there are fixes available," said Malik.
The distributed denial of service mitigation system was able to ensure that hostile traffic directed towards Nochex was intercepted and "cleaned up".
"Pipex used technology that would allow the attack traffic to be cleaned effectively, which could be used by a service provider or even an enterprise, and the problem is probably best dealt with upstream," said Regan.
Energis and Cable & Wireless are among the other service providers that offer distributed denial of service mitigation. Top Layer Networks offers mitigation services to ISPs with Top Layer Attack Mitigator IPS 5500-50.
Establishing the layers of defence
- Network providers such as Cisco have built technology into routers to monitor traffic and spot distributed denial of service attacks.
- Service providers can see when a distributed denial of service attack is under way, through increased network traffic and server loads.
- Highly resilient, scalable networking and server equipment in the datacentre can help mitigate a distributed denial of service attack.
- If the attack takes place in the network's "last mile", distributed denial of service guard technology can divert traffic and filter out the attack.
This was first published in May 2005