Posts Tagged ‘CyberBunker Attack’


The ‘biggest cyber attack in history’, which has been slowing down internet services for millions across the world, may have affected thousands of mobile banking customers.

Business and personal mobile banking customers for Natwest, RBS, and Ulster Bank are today experiencing problems accessing online accounts – although it has not yet been confirmed whether this is linked to the attack.

It comes after a bitter feud between two online companies – a group which aims to block unwanted emails known as ‘spam’ and a firm accused of sending them – erupted.

Spam-fighting organization Spamhaus says it’s being subjected to a massive cyber-attack, apparently from groups angry at being blacklisted by the Geneva-based group.

Millions of web users have already experienced disruption to popular services such as film and TV site Netflix, along with longer than usual delays in loading websites.

And yesterday experts warned the assault could soon impact on banking and personal email accounts.

The problems began when spam-fighting company Spamhaus – a not-for-profit group that aims to help block unwanted junk emails – black-listed Dutch company Cyberbunker earlier this month.

Cyberbunker is what is known as a hosting company, meaning it allows organisations to make their websites accessible on the internet by providing space on a server.

The company’s website says it will host anything ‘except child porn and anything related to terrorism’.

Spamhaus, which has offices in London and Geneva, keeps a database of web servers known to be used for malicious purposes, such as sending spam mail for bogus products like fake weight-loss pills or Viagra. Earlier this month it added Cyberbunker to that database.

Spamhaus claims Cyberbunker has launched a huge ‘denial of service’ (DDoS) attack in retaliation by flooding its servers with internet traffic.

This is like jamming a mailbox with hundreds of letters at the same time.

Professor Alan Woodward, a cyber security expert at the University of Surrey, explained: ‘If you imagine it as a motorway, attacks try to put enough traffic on there to clog up the on and off ramps.

‘With this attack, there’s so much traffic it’s clogging up the motorway itself.’

Matthew Prince, chief executive of internet security firm CloudFlare, likened the move to a ‘nuclear bomb’, adding: ‘It’s so easy to cause so much damage.’

David Emm, a senior security researcher with anti-virus firm Kaspersky Labs, said the attack was slowing down the whole internet, adding: ‘It’s like if someone wanted to flood my letterbox with junk mail it would all have to go through the delivery office and that would have an effect on the delivery of other people’s letters.

‘If the mail is coming from all over the place it will have some impact on the wider delivery.’

Steve Linford, chief executive of Spamhaus, told the BBC the scale of the attack was unprecedented and powerful enough to bring down the Government’s computer system.

A spokesman for the Royal Bank of Scotland group said they were investigating the issue.

They added: ‘We are aware of a technical problem this morning which is preventing customers from logging in to our mobile banking applications.

‘We are working to fix the problem and apologise to customers for the inconvenience caused.

‘No other systems are affected.’

Global impact: Experts say traffic to the Netflix site has been affected by the attack on anti-spam firm Spamhaus

Mr Linford said he could not disclose more details as there were fears those involved may also come under attack.

He added that several companies, such as Google, had made their resources available to help absorb the excess traffic.

Sven Olaf Kamphuis, who claims to be a spokesman for Cyberbunker, said in an online message that Spamhaus was abusing its position and should not be allowed to decide ‘what goes and does not go on the internet’.

He added: ‘We are aware that this is one of the largest DDoS attacks the world had publicly seen.’

Experts say such attacks are growing in power and are now six times larger than recent ones against American banks.

Companies that monitor Internet traffic said Wednesday that an intensive cyberattack against a European spam-fighting organization has ended.

The attack against the Spamhaus Project Ltd., a nonprofit group that tracks spammers, was massive enough to slow some of the traffic on the Web to a crawl.

Analysts work in the Security Operations Center at the Dell SecureWorks office in South Carolina


Spamhaus accused Cyberbunker, a Dutch Web-hosting company, of coordinating the so-called distributed denial-of-service attack against it, according to a report by the British Broadcasting Corp. In a DDoS attack, multiple servers send simultaneous requests to the target’s Web servers, ultimately causing them to crash.

According to the BBC, Spamhaus said the attack was in retaliation for its blacklisting of the Dutch company.

Neither Cyberbunker nor Spamhaus could be reached for comment. A person familiar with the situation said Spamhaus thinks it is still under attack.

The cyberattack was one of an increasing number of such offensives against corporations, including large financial institutions, and raises questions about what companies can do to guard against them.

The DDoS attack directed at servers run by Spamhaus came at a rate of 300 gigabits a second, which is five or six times the intensity of typical cyberattacks against banks, said Dan Holden, director of security research at Arbor Networks Inc.

“Up until this, the largest attack we had seen was a 100-gigabit attack in 2010 and an 80-gigabit attack in 2012. Jumping up to 300 is tripling the largest attack we’ve seen,” he said.

According to Mr. Holden, the attack against Spamhaus caused “collateral damage” across the Web because of the “pure size” of the attack. The extent of any collateral damage is also dependent on the path taken between the attacking servers and the victim, he said. Arbor Networks is able to determine the ebbs and flows of Web traffic by aggregating data provided by 250 Internet-service providers around the world.

DDoS attacks are becoming a problem for large institutions, including U.S. banks. Thus far, corporations have responded by using technologies from tech companies such as Akamai Technologies Inc., Prolexic Technologies and others that help companies deflect unwanted traffic from their sites.

Those technologies can help keep sites functioning normally. In January, as attackers hammered bank sites with DDoS attacks, the availability rate of websites at U.S. financial institutions actually rose to 97.21% from 94.86% in the fall, when the first phase of the ongoing attacks was in full force, according to a report from BankInfoSecurity.com.

But there are limits to how effective defensive technologies can be. A spokesperson at Wells Fargo & Co. confirmed its banking websites were under attack Tuesday, but added that most of its customers weren’t affected. It didn’t explain how it deflected the attack.

Last Wednesday, Wells Fargo’s chief information security officer, Rich Baich, said companies need to think in advance about how so-called hacktivist groups, which use cyberattacks as tools of political or social protest, might respond to actions they take at any point in time. Mr. Baich was speaking at the IT Security Entrepreneurs Forum at Stanford University. “It’s not just about nuisance, where a website was hacked, it’s about them holding you hostage by denying you use of the Internet,” he said.

He stressed that attackers can do more than take down websites: They can use viruses to physically destroy electronic devices, as was the case with personal computers at Saudi Arabian Oil Co. last August. “Now there’s a destructive angle,” Mr. Baich said.

Mike Smith, director of the customer-security incident response team at Akamai, says such attacks are possible because of improperly configured domain-name servers, the servers that translate website addresses, such as wsj.com, into the numerical addresses used by servers.

According to Mr. Smith, “hosting providers, businesses, and people with a cloud server who set up their own DNS resolver” often neglect to configure their servers using proper security settings. He says there are groups that compile lists of servers that are improperly configured and open to abuse.

The sudden pickup in targeted attacks against corporate websites has brought cybersecurity to the highest levels of attention. The rise of IT security “to a board level concern is maybe the fastest I’ve ever seen,” said Thomas Sanzone, senior vice president of consulting firm Booz Allen Hamilton Inc.

The attack against Spamhaus raises questions about what companies should do to protect themselves, and whether a proactive defense is appropriate.

Compared with governments, companies are limited in actions they can take to legally respond to cyberattacks. Michael Chertoff, the former secretary of homeland security, said diplomatic considerations make it difficult for the government to take action against suspected adversaries from other countries.

Mr. Chertoff, who worked at the Department of Homeland Security from 2005 to 2009 and now runs a security consulting firm, said the U.S., which formally launched its cyberdiplomacy campaign in 2009, is currently trying to figure out how to deter and retaliate against cyberattacks, many of which come from sovereign countries.

“There are serious questions about what we can do to defend ourselves and how far we can go in what we call active defense, that are both legal and policy questions that have yet to be resolved,” said Mr. Chertoff in January.

Mr. Chertoff counseled companies to think long and hard about retaliating on their own, noting that they could end up crippling a server that controls hospital equipment, while also unwittingly hosting malware.

 

source – http://online.wsj.com