Held for ransom: financial institutions hit hard by DDoS attacks
In Margaret Atwood’s iconic dystopian bestseller, The Handmaid’s Tale, the very first sign of the horror to come occurs as the main character does the most mundane thing possible: buying a cup of coffee. In this near-future setting, everyone relies on “credit sticks” for purchases, much like the current market penetration of credit cards, debit cards, and mobile wallet apps. When her credit stick is declined at the coffee shop, the woman goes on to discover that all of her money is gone.
The world of fiction isn’t too far off from the reality of the next major method of cybercrime, especially the kind that hits financial institutions. Rather than the Hollywood-style hacking crimes in which computer masterminds drain all of the virtual money from a bank online, the more realistic threat is a DDoS attack that floods a bank’s network and brings all transactions to a halt. As cyber thieves have found out, there’s serious money to be made in blocking customers from accessing their accounts by holding a financial institution for ransom.
What happens in a DDoS attack?
Distributed denial of service attacks have hit companies of every size and industry in recent months. Social media sites, streaming entertainment services, hospitals and medical centers, and of course, financial institutions have already suffered from this highly disruptive and costly type of incident. A university network was recently crippled after hackers used the school’s own IoT devices to overload the system with random, repetitive web searches. Lloyds Banking Group was hit in January with a DDoS attack that disrupted service over a period of three days. In that particular case, the hacker demanded a ransom of nearly $100,000 in Bitcoin to stop the attack and resume customers’ access to their funds.
While DDoS attacks are nothing new, they’re certainly on the rise. In fact, according to the Worldwide Infrastructure Security Report’s survey of more than 350 stakeholders, 53% of respondents said they experienced more than fifty attacks in a given month. That number represents an increase of 44% over 2015 numbers.
Some industries are at greater risk than others
In 2016, there was a shocking number of ransom-based DDoS attacks lobbed at hospitals and medical facilities. This was largely due to the fact that those businesses were very likely to simply pay the ransom rather than try to undo the damage themselves. The disruption to normal operations wasn’t just an annoyance, but rather a threat to patients’ lives, and the resulting lawsuits would have been unimaginable. At the same time, patient confidentiality had also been compromised, and the government-imposed fines for those violations would have dwarfed the mere ransom exponentially.
Now, financial institutions have come into the hackers’ crosshairs. The potential damage to their reputations in an industry that relies on customer confidence might be reason enough to quietly pay up, and the possibility that the government will impose punitive fines for failing to protect the customers’ assets is certainly a concern. Of course, if a DDoS attack results in a personal financial loss to even one customer – such as an important deal falling through because the funds cannot be accessed – the lawsuits can prove even more costly than any Bitcoin demand.
Mitigating a DDoS attack is the best defense
There’s an unfortunate consequence for the victims of this kind of attack: without a plan in place to mitigate a DDoS attack, many businesses may find themselves in the position of paying the ransom to avoid further damage.
Financial institutions face a unique burden that makes them especially big fish to fry, and that’s the ease of planning an attack around key calendar dates. The last business day of the month, for example, is an especially high-volume day as companies close out their records and customers deposit monthly paychecks. Fridays might also prove to be an effective day because knocking out service on a Friday means customers won’t be getting to their funds for three days.
The best response begins with a mitigation playbook
With the data clearly demonstrating a rise in DDoS attacks, especially against financial institutions, mitigation isn’t something that can be ignored. Knowing how to respond, and adopting the mindset that this type of crime isn’t a matter of if but rather when, are the very first steps in taking action.
One of the most critical pieces of advice is to understand that paying the ransom is no guarantee that the attacks will stop or that the network will be released. In fact, the opposite may prove true; once a financial institution has proven it is willing to pay up, the extortion may actually escalate. Other companies, like MeetUp.com, have gone even further; not only will they not pay the ransom, they have actively sought assistance in taking down the hackers who launched the attack in the first place. However, siccing the internet on the bad guys only works if your website isn’t down thanks to an attack in progress. Both of these tactics are laudable and effective, but only if you have mitigation strategies in place to protect you.
DDoS attacks are in no way trivial – for any type of business, but especially those in high-stakes industries – and mitigation is best left to the professionals. Leading mitigation services employ strong, multi-layered methods of protecting institutions from disruptive activity, which means your bank won’t be taken by surprise in the next wave of cybercrime.
Chloe Marchbank wrote an article to explain the dangers of DDoS attacks and how they might be mitigated. At her request, we include it here. We appreciate the opportunity Chloe has given us to share this valuable information concerning cyber crime with our readers.