Thursday, January 31, 2013

Distributed Denial of Service Extorts Ransom


In late 2011, trading services firm Henyep Capital Markets came under a distributed denial-of-service (DDoS) attack that disrupted many of the company's service portals. With the attack came a demand for ransom. The flood of packets that hit the company's trading services topped 35 Mbps, combining a variety of network traffic types and focusing on both overwhelming the network and overtaxing the firm's application servers.

Rather than acquiesce to the criminals' demands, Henyep hired the firm Prolexic.
The initial DDoS attack caused performance issues on multiple Henyep trading websites for 24 hours. Company management did not respond to the DDoS attackers’ demand for a ransom in exchange for ending the attack. The company’s mitigation engineers restored access to all services on the sites within minutes after routing traffic through Prolexic’s global scrubbing centers where malicious traffic was removed.

Prolexic protects Internet-facing infrastructures against all known types of DDoS attacks at the network, transport and application layers through four DDoS traffic scrubbing centers.
Prolexic DDoS mitigation engineers in the U.S. quickly identified the initial attack as a SYN flood followed by multiple GET floods. The attack campaign peaked at 35.30 Mbps (megabits per second), 8.10 Kpps (thousand packets per second), and 122.00 Kconn (thousand connections per second) over two days. Prolexic mitigation engineers were monitoring the attacks and counteracting the perpetrator’s changing attack vectors throughout the campaign. As a result, the attackers were unable to take down the Henyep site or disrupt services, despite the length of the attack.

Recently, DDoS attackers tried to take down Henyep’s trading operations again with a 30 Mbps ICMP flood and a GET flood, without success due to Prolexic DDoS protection. Throughout 2012, Henyep, like many other financial services companies, has continued to be the target of DDoS attackers, but Prolexic’s DDoS mitigation services have prevented any downtime.
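The two campaigns above are described by three rates (Mbps, Kpps, Kconn) and by the vector in play at each stage (SYN flood, GET flood, ICMP flood). The following is an added illustration, not Prolexic's or Henyep's code, of how a defender would compute those rates from per-packet records and name the dominant vector in each one-second window; the packet records and the ratio thresholds are constructed placeholders, not measurements from the attack.

```python
from collections import defaultdict

# Constructed per-packet records (not real Henyep/Prolexic data):
# (second, protocol, tcp_flags, bytes, new_connection, http_method)
SAMPLE = (
    [(0, "tcp", "S", 60, True, None)] * 400       # SYN flood: bare SYNs, never completed
    + [(0, "tcp", "PA", 1200, False, None)] * 50   # legitimate established traffic
    + [(1, "tcp", "PA", 300, True, "GET")] * 300   # GET flood: many short connections
    + [(2, "icmp", "", 1400, False, None)] * 250   # ICMP flood: large echo packets
)

def per_second_metrics(records):
    """Per-second buckets with Mbps, Kpps, Kconn and the raw vector counters."""
    buckets = defaultdict(lambda: {"bytes": 0, "pkts": 0, "conn": 0, "syn": 0, "get": 0, "icmp": 0})
    for sec, proto, flags, nbytes, new_conn, method in records:
        b = buckets[sec]
        b["bytes"] += nbytes
        b["pkts"] += 1
        b["conn"] += int(new_conn)
        b["syn"] += int(proto == "tcp" and flags == "S")
        b["get"] += int(method == "GET")
        b["icmp"] += int(proto == "icmp")
    return {
        sec: {"mbps": b["bytes"] * 8 / 1e6, "kpps": b["pkts"] / 1e3, "kconn": b["conn"] / 1e3, **b}
        for sec, b in buckets.items()
    }

def classify(m, syn_ratio=0.5, get_ratio=0.5, icmp_ratio=0.5, min_pps=200):
    """Name the dominant vector in one bucket, or None when traffic looks normal.
    Thresholds are assumed placeholders; tune them against the protected service's baseline."""
    if m["pkts"] < min_pps:          # below the floor nothing is flagged
        return None
    if m["syn"] / m["pkts"] >= syn_ratio:
        return "SYN flood"
    if m["get"] / m["pkts"] >= get_ratio:
        return "GET flood"
    if m["icmp"] / m["pkts"] >= icmp_ratio:
        return "ICMP flood"
    return None

def campaign_peaks(records):
    """Peak Mbps / Kpps / Kconn over the campaign, plus the vector seen in each second."""
    metrics = per_second_metrics(records)
    peaks = {k: max(m[k] for m in metrics.values()) for k in ("mbps", "kpps", "kconn")}
    vectors = [classify(metrics[s]) for s in sorted(metrics)]
    return peaks, vectors

if __name__ == "__main__":
    print(campaign_peaks(SAMPLE))
```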

With bandwidth capacity in excess of 800 Gbps, Prolexic’s in-the-cloud DDoS protection absorbs DoS and DDoS attacks that would overwhelm others. Its proven network of DDoS scrubbing centers is located in London, Hong Kong, San Jose, California, and Ashburn, Virginia.

Our DDoS scrubbing centers are supported by four Tier 1 global telecommunications carriers. This means Prolexic mitigates the largest DDoS attacks by bringing immense anti-DDoS bandwidth to bear. It can provide DDoS protection services for multiple clients and fight multiple DDoS attacks at once.
When a DDoS attack is detected, our DDoS protection services are implemented within minutes. Upon activation of DDoS protection, a Prolexic customer routes inbound traffic to the nearest Prolexic scrubbing center, where proprietary DDoS filtering techniques, advanced routing, and patent-pending anti-DoS hardware devices remove DDoS traffic close to the source of the botnet activity. Clean traffic is then routed back to the customer’s network.

Because Prolexic dedicates more bandwidth to DDoS attack traffic, it can provide protection even against the largest and most complex DDoS attacks. Prolexic uses over 20 DDoS mitigation technologies, many of them proprietary.

Prolexic mitigates every type of DDoS attack at every layer, including Layers 3, 4, and 7. We even have a proven solution against encrypted attacks that vandalize HTTPS traffic, mitigated in real time. Further, we use FIPS 140-2 Level 3 certified key management encryption tools with passive SSL decryption for extremely high performance.

Summary
DDoS attacks can be blunted and then eliminated through high-bandwidth-capacity networks. Often DDoS attackers who see that traffic has been re-routed through our DDoS mitigation network immediately abandon their attacks.

For comments please e-mail paul@strassmann.com