According to a new report by cyber security and network diagnostics firm NetScout there were 5.4 million distributed-denial-of-service (DDos) attacks in the first half of 2021, an 11% increase on the same period last year. More than half of these attacks – 2.8 million – had some form of botnet, which is a network of private devices (including Internet of Things devices) infected with malicious software, representation in them.
The report, ‘The Long Tail of Attacker Innovation’, also tracks where the attacks are coming from and how the cyber threat landscape is evolving. For example, the Lazarus Bear Armada (LBA) DDoS extortion campaign, which last year started targeting commercial banks and market institutions such as the New Zealand Stock Exchange, has expanded to other industry sectors. This year a new campaign, called Fancy Lazarus, has emerged to target internet service providers.
In addition, professional ransomware gangs have added triple extortion attacks to their arsenal. “By combining file encryption, data theft and DDoS attacks, threat actors have hit a ransomware trifecta designed to increase the possibility of payment,” said the report.
According to NetScout, 50% of the targeted organisations were in the financial industry. Commercial banks and payment card processors, for example, saw more than 7,000 attacks during the first half of 2021. While this might seem small compared to the overall numbers, several of these attacks were successful and negatively impacted both the targeted organisations and downstream consumers attempting to use credit cards.
“Given the fact that credit card processors can service as many as 5,000 transactions per second, even a few minutes of downtime can result in millions of dollars in lost revenues, not to mention negative brand impact and broad-based customer churn,” said the report.
As illustrated by the Fancy Lazarus campaign, cyber criminals are also increasingly attacking companies that underpin internet connectivity, such as cloud hosting or software-as-a-service providers. Even if the attack does not take the provider fully offline, it can knock out services for hundreds of thousands, if not millions, of customers.
In today’s Banking in Transition podcast, Richard Hummel, Atlas security engineering and response team threat intelligence lead at NetScout, outlines what banks can do to better protect themselves. First, he cautions that it is not a matter of if an institution is going to be attacked but when that attack will happen, mainly because the world is so interconnected. “Even if [a bank] is not the intended target of an attack, it can experience outage disruptions and latency issues because of an attack against someone else,” he says.
As such, preparation goes a long way in securing an organisation. Mr Hummel believes that having some form of protection in place from a professional security service provider can get an organisation 80% of the way there. “The other 20% is going to be things like ensuring proper network set-ups, that critical assets aren’t clumped together and that network redundancies are in place, so that if your domain name system server goes down you can pivot to another one,” he says.
For large organisations, he also advises running realistic scenarios and real-time testing, “so that if a DDoS attack hits you, you understand to what degree you are protected and when you need to offload support to someone else”. He also recommends ‘Red team’ exercises, where an organisation launches an attack against themselves.
For approximately 80% of attacks, organisations that have implemented the relevant industry best current practices will be able to maintain availability in the face of DDoS attacks with little or no ad hoc reaction measures, according to the NetScout report. The remaining 20% of attacks will require defenders to optimise defences based on factors such as attacker behaviour and vector selection.
Joy Macknight is editor of The Banker. Follow her on Twitter @joymacknight
Register to receive the Editor’s blog and in-depth coverage from the banking industry through the weekly e-newsletter.
