DDoS attacks the result of compromised websites

The last several months have challenged website security and availability at major financial institutions in the United States. After a number of distributed-denial-of-service attacks hit several large banks, the cybercriminal group Izz ad-Din al-Qassam claimed responsibility. The attacks were notable due to the amount of fraudulent traffic they generated, which was much greater than that of a typical DDoS attack.

Researchers from security company Incapsula recently uncovered more details of the attacks. While traditional DDoS campaigns compromise individual computers to make them a part of a botnet, the series of threats against U.S. banks was orchestrated by compromising web servers, giving attackers much more computing power. The wave of attacks from earlier this month revealed more details regarding the inner workings of the DDoS campaign.

"Over the weekend, as the reports of the attack started to roll in, Incapsula security team noticed a suspicious behavior on one of the newly added websites," Ronen Atias wrote on the Incapsula blog. "This client, a small and seemingly harmless general interest U.K. website, was suddenly a focal point of a rapidly increasing number of security events. The cause? Numerous requests with encoded PHP code payload. A closer look revealed that these intercepted requests were attempts to operate a backdoor and use the website as a bot - an unwilling foot soldier in a DDoS army."

In investigating the origin of the attack, Incapsula's team found that attackers were able to compromise the website due to weak authentication credentials. As Atias noted, the privileged account password for one of the web servers he analyzed was "admin."
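The indicator Atias describes, requests carrying an encoded PHP payload aimed at a planted backdoor, is something a site owner can look for in ordinary access logs. The following detection script is an added example, not Incapsula's code or tooling: it base64-decodes query parameters in sample log lines (constructed here, including the encoded payload) and flags any that decode to PHP source.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: a harmless PHP snippet, base64-encoded the way the
# backdoor traffic in the article was (payload content is an assumption).
ENCODED = base64.b64encode(b"<?php echo 'marker'; ?>").decode()

# Constructed combined-format access-log lines; not real traffic.
SAMPLE_LOG = (
    '203.0.113.7 - - [10/Jan/2013:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512 "-" "Mozilla/5.0"\n'
    f'198.51.100.9 - - [10/Jan/2013:10:00:02 +0000] "POST /images/cache.php?cmd={ENCODED} HTTP/1.1" 200 17 "-" "Python-urllib/2.7"\n'
    '203.0.113.7 - - [10/Jan/2013:10:00:03 +0000] "GET /news.php?id=42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"\n'
)

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Markers that indicate decoded bytes are PHP source rather than ordinary data.
PHP_MARKERS = re.compile(rb"<\?php|\beval\s*\(|\bbase64_decode\s*\(", re.I)


def decode_b64(value):
    """Return decoded bytes if value is plausibly base64, else None."""
    # parse_qsl turns '+' into a space; restore it before decoding.
    candidate = value.replace(" ", "+").strip()
    if len(candidate) < 16 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", candidate):
        return None
    try:
        return base64.b64decode(candidate, validate=True)
    except (binascii.Error, ValueError):
        return None


def flag_encoded_php(log_text):
    """Return (ip, path, param, decoded_prefix) for each request whose
    query parameter base64-decodes to something that looks like PHP."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            decoded = decode_b64(value)
            if decoded and PHP_MARKERS.search(decoded):
                hits.append((m.group("ip"), parts.path, name, decoded[:40].decode("latin-1")))
    return hits


if __name__ == "__main__":
    for hit in flag_encoded_php(SAMPLE_LOG):
        print("suspicious request:", hit)
```

Payloads sent in a POST body do not appear in standard access logs, so the same check belongs in a request filter or WAF rule as well.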

Poor website security practices allowed cybercriminals to leverage the computing power of hundreds of compromised servers, according to Ars Technica. At their peak, many of the recent DDoS attacks generated more than 60 gigabits per second of false traffic. Commenting on the origin of the attacks, Atias emphasized the importance of adopting thorough security practices and technology to prevent attackers from exploiting common vulnerabilities.

As websites become increasingly common targets, it will be more important to protect the data sent to them. Get your SSL certificate today to safeguard information in transit.
