
DDoS Attacks being used to camouflage fraud attacks

Prolexic Technologies : 29 August, 2013  (Technical Article)
Prolexic issues threat advisory warning of increased fraud and identity theft attacks being masked by DDoS attacks

Prolexic has shared attack signatures and details that are helpful to detect and stop DDoS attacks from the Drive DDoS toolkit, an attack tool often used as a source of distraction while criminals break into customer accounts at finance firms and e-Commerce businesses.

DDoS attacks from the Drive DDoS toolkit and other variants of the Dirt Jumper toolkit can sidetrack IT security personnel while criminals attempt to transfer funds out of bank accounts, gather passwords for later use, or place unauthorized orders. Because attacks from this criminal DDoS toolkit are associated with identity theft, recognizing the Drive toolkit as the source of a DDoS attack can lead financial institutions, banking, insurance, investment firms, brokerages or e-Commerce firms to suspect and investigate possible fraudulent access of customer accounts that may have occurred during the attack.

“During the confusion of a DDoS attack, malicious actors can break into the financial and e-Commerce accounts of customers without being noticed,” warned Stuart Scholly, President at Prolexic. “IT departments are typically so focused on the damage caused by the DDoS attack that they don’t realize it may merely be a planned distraction while criminals loot customer accounts.”

The Drive toolkit, which is being leaked in underground hacking forums, has been the source of multiple recent DDoS attacks observed by the Prolexic Security Engineering and Response Team (PLXsert). The tool is a newer variant of the Dirt Jumper family of DDoS toolkits, one of the most popular denial of service attack tools in use today.

“In recent weeks, Prolexic has detected, stopped and mitigated DDoS attacks launched against our clients from the Drive DDoS toolkit,” said Scholly. “Although these attacks are cousins to the Dirt Jumper DDoS toolkit, they have new signatures and communication patterns. In all cases, Prolexic mitigated attacks from the new toolkit in minutes, as promised in our service level agreement.”

Six types of DDoS attacks are built into the Drive toolkit, allowing attackers to launch a variety of DDoS attacks. The tool features GET floods, POST floods, POST2 floods, IP floods and IP2 floods directed at the application layer, as well as UDP floods, which target network infrastructure. Encryption allows malicious actors to hide their identities.

“Companies often don’t realize they are under attack from the Drive toolkit, because application attacks increase server utilization without excessive network traffic,” Scholly added. “The information in the threat advisory can help detect these attacks quickly.”
