About Thawte

News

More financial institutions targeted in DDoS cyberattacks

The computer security of numerous financial organizations is at risk from expanded distributed-denial-of-service attacks by hacktivist group Cyber Fighters of Izz ad-Din al-Qassam. The cybercriminals have been infiltrating banks since September of last year, but a self-proclaimed 'third stage' includes brokerage firms and credit-card companies among the targets. Security experts are concerned by the hacktivists' expansion and methods, and further alarmed by the firepower that they believe the group might still harbor in reserve.

The third stage, wrote CSO's Antone Gonsalves, began in late February. Banks have improved their security tactics, he reported, but the hackers have set their sights on other entities, responsible for investments, financial planning and stock trading. The group took credit for many of the DDoS attacks in a PasteBin post, where they proclaimed that threats would continue unless certain conditions are met, including the removal of a controversial video called "Innocence of Muslims" from YouTube.

Although the DDoS attacks disrupted websites and operations of online banking companies, wrote Gonsalves, there have been no system breaches or instances of data theft to date.

Cyber-reconnaissance poses new threat level
John Summers, vice president of security at Akamai Technologies, which has nine of the world's top ten banks as clients. said that the most recent threats reveal cunning new levels of hacking, reported Gonsalves. The group has advanced beyond flooding network traffic to targeting the application layer where secured communication protocols reside. This is the hub of an organization's business operations and increases the risk of critical security leaks.

The hackers continue to utilize the Brobot DDoS application, which spreads malware into infiltrated web servers. Advanced methods entail what Gonsalves called "pre-attack probing of sites," which introduce a smaller level of traffic to see if it can weaken the site.

"If it does, then they come back a few days later with a full-scale assault," wrote Gonsalves. This cyber-reconnaissance tactic is unique to the hacktivists' third stage, and has security professionals worried that they haven't seen the worst of the hackers' capabilities.

CSO's Bill Brenner reported on security advice that Eric Kobrin, senior security architect at Akamai, offered in a recent talk. Kobrin said that financial institutions can protect themselves by building up their online infrastructure, paying more attention to their hosting providers and making sure that all content management systems are running the latest and most secure software.

Hackers are on the lookout for new targets. Protect your in transit data with an SSL certificate today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +27 21 819 2200
Fax: +27 21 819 2950

Thawte is a leading global Certification Authority. Our SSL and code signing digital certificates are used globally to secure servers, provide data encryption, authenticate users, protect privacy and assure online identifies through stringent authentication and verification processes. Our SSL certificates include Wildcard SSL Certificates, SAN /UC Certificates, SGC SuperCerts and Extended Validation SSL Certificates.

What is an SSL Certificate Which SSL Certificate is Right for Me? Why Choose Thawte?