As cyber threats become more commonplace, sophisticated and damaging for financial institutions, one type of threat that has remained pervasive is the denial-of-service (DoS) attack. A DoS attack is a cyber event in which an attacker seeks to prevent legitimate users from accessing computer systems, devices or other online resources. The perpetrator floods the victim’s machine or network with bogus requests to overload the system and prevent legitimate access.
Cybercriminals have taken this form of attack to the next level with Distributed Denial of Service (DDoS) attacks. A DDoS attack is similar to a DoS attack but differs in that the incoming requests or traffic come from more than one source, which makes it extremely difficult to stop.
To better understand the nature of a DDoS attack, consider the analogy of a supermarket. If you are a shopper with only two or three items, you can usually get through the check-out line quickly. However, if the store has only one register open and several people ahead of you have baskets full of groceries, they are essentially denying you service at that register because of the number of items that must be processed. If that same store has multiple check-out lines open and all of them have long queues, you are being blocked from reaching a register from multiple sources at once.
How DDoS Works
To execute a DDoS attack, an attacker delivers malicious software to vulnerable devices, often through infected emails, attachments, websites and even social media, building a whole network of infected machines and devices called a botnet. The attacker can then control the botnet remotely and direct an influx of traffic at the target, flooding the network with huge volumes of random data or connection requests. The infected devices show no obvious signs of compromise and continue to function normally, apart from the occasional sluggish response caused by the bandwidth the attack consumes.
The scale and sophistication of DDoS attacks have increased considerably over the years. In fact, according to a report from Verisign, one third of all downtime incidents have been attributed to DDoS attacks. Attackers often hold the organization’s website or device for ransom, performing a small demonstration of the attack to show the victim what will happen if the ransom is not paid.
A recent botnet called Mirai reared its head in 2016 and infected unsecured Internet of Things (IoT) devices such as DVRs, home routers, printers and IP cameras. These devices are vulnerable to attack because they are not required to have the same level of security as computers. The Mirai botnet was responsible for DDoS attacks on several high-profile websites such as Twitter, Reddit, Netflix and Airbnb.
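The practical difference between a single-source flood and a distributed one is how the load is spread across senders, and that difference is visible in ordinary web-server access logs. The following script is an added illustration, not code from the original article or from any of the organizations it mentions: it parses constructed access-log lines, groups them into ten-second windows, and labels each window as normal, a single-source flood (one address dominates, so it can be filtered by address) or a distributed flood (the same volume spread over many addresses). The log format, the request-rate threshold `max_rate` and the `dominant_share` cut-off are assumptions chosen for the example; a real deployment would tune them to its own baseline traffic.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Subset of the Apache/nginx access-log format: client IP, timestamp, request line,
# status code. The sample lines further down are constructed to match it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S"


def parse_line(line):
    """Return (client_ip, timestamp) for one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts").split()[0], TS_FMT)  # ignore the tz offset
    return m.group("ip"), ts


def window_start(ts, window_seconds):
    """Align a timestamp to the start of its fixed-size window (within the same day)."""
    sec = ts.hour * 3600 + ts.minute * 60 + ts.second
    midnight = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    return midnight + timedelta(seconds=sec - sec % window_seconds)


def classify(ips, window_seconds, max_rate=20.0, dominant_share=0.8):
    """Classify one window from the list of source IPs that sent requests in it.

    max_rate and dominant_share are assumed thresholds for illustration: a window
    above max_rate requests/second is a flood; a flood in which one IP sends at
    least dominant_share of the requests is single-source, otherwise distributed.
    """
    total = len(ips)
    if total == 0:
        return {"verdict": "normal", "rate": 0.0, "sources": 0, "top_source": None}
    counts = Counter(ips)
    top_ip, top_n = counts.most_common(1)[0]
    rate = total / window_seconds
    if rate <= max_rate:
        verdict = "normal"
    elif top_n / total >= dominant_share:
        verdict = "single-source flood"  # one sender dominates: DoS-like, filterable by address
    else:
        verdict = "distributed flood"    # load spread across many senders: DDoS-like
    return {"verdict": verdict, "rate": rate, "sources": len(counts), "top_source": top_ip}


def analyze(lines, window_seconds=10):
    """Parse log lines, group them into windows and classify each window."""
    windows = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the monitor
        ip, ts = parsed
        windows.setdefault(window_start(ts, window_seconds), []).append(ip)
    return {start: classify(ips, window_seconds) for start, ips in windows.items()}


def make_lines(ips, start, count, path="/login"):
    """Construct `count` access-log lines cycling through `ips` within one 10 s window."""
    lines = []
    for i in range(count):
        ts = start + timedelta(seconds=i % 10)
        lines.append(f'{ips[i % len(ips)]} - - [{ts.strftime(TS_FMT)} +0000] '
                     f'"GET {path} HTTP/1.1" 200')
    return lines


# Constructed sample traffic (private and RFC 5737 documentation addresses) in three
# 10 s windows: quiet traffic, a flood from one address, and a flood from 100 addresses.
T0 = datetime(2024, 1, 1, 12, 0, 0)
SAMPLE_LINES = (
    make_lines(["10.0.0.1", "10.0.0.2", "10.0.0.3"], T0, 6)
    + make_lines(["198.51.100.7"], T0 + timedelta(seconds=10), 280)
    + make_lines(["10.0.0.1", "10.0.0.2"], T0 + timedelta(seconds=10), 20)
    + make_lines([f"203.0.113.{i}" for i in range(1, 101)], T0 + timedelta(seconds=20), 400)
    + ["not a log line"]  # malformed input, ignored by analyze()
)


if __name__ == "__main__":
    for start, result in sorted(analyze(SAMPLE_LINES).items()):
        print(start.time(), result)
```

Running the script prints one verdict per window: the first is normal, the second is a single-source flood from 198.51.100.7, and the third is a distributed flood with 100 distinct sources even though no single address sends more than a handful of requests. That third case is why address-based blocking alone does not stop a DDoS, and why the article's emphasis on an upstream provider and a rehearsed response plan matters.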
Impact of DDoS Attacks on Financial Institutions
Financial institutions are prime targets for DDoS attacks because of the large amounts of private data and monetary funds they hold, and as they continue to expand their use of digital channels and outsourced services, the likelihood of an attack increases as well.
A well-executed DDoS attack can interrupt a host of banking services, including website access, ATM networks and online banking platforms, as well as the internal systems and functions that keep the bank operating and serving customers. Beyond the operational impact is the resulting damage to the institution’s brand equity and reputation when customers are prevented from accessing their financial information and funds.
Combating DDoS Extortion
To combat DDoS extortion, financial institutions should have a solid plan in place that identifies all critical services along with the vendors and organizations that host them; specifies whom to contact and notify in case of an attack; and ensures that all employees are trained and ready to execute the plan. In addition, financial institutions should contact the cyber division of the FBI, the Financial Crimes Enforcement Network (FinCEN) and their local regulator to report the attack.
DDoS attacks remain unpredictable and can seriously disrupt your institution’s business operations. All financial institutions need a solid plan in place so they are prepared for a cyber event like this, not if, but when it occurs.