Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Top Stories

‘MIDDLE EAST ORGANIZATIONS SHOULD NOT GIVE IN TO DDOS EXTORTION DEMANDS’, ADVISES ARBOR

Dan Holden

Published : , on

Any business conducting online business is a target for Distributed Denial of Service cyber attacks and needs to build defences, implement plans ahead of time and refuse to give in to extortion demands

Pay up or we’ll take your Website down’, so goes the adage that usually accompanies ransom-based cyber-attacks. Whilst digital ransom attacks come in all sorts of types and forms, Distributed Denial of Service (DDoS) attacks are top of the list of methods used by attackers to force money from targeted companies.

According to Arbor’s ninth annual Worldwide Infrastructure Security Report (2013), DDoS extortion attacks account for 15 percent of all DDoS attacks. While it may seem like a relatively small percentage, one must consider that as much as 10,000 DDoS attacks occur world-wide every day and that the potential cost in damages and reputation can have a significant impact on a targeted organisation. DDoS extortion attacks are generally volumetric, high bandwidth attacks that are launched with the aim of crashing a company’s Website or server by bombarding it with packets, which originate from a large number of geographically distributed bots. The size of volumetric DDoS attacks continues to increase year over year, and they remain a major threat to enterprises and Internet Service Providers (ISPs) alike. In fact, Arbor’s research shows that the average size of DDoS attacks was 20 percent higher in 2013 than in 2012.

Dan Holden

Dan Holden

Dan Holden, Director of Security Research for Arbor Networks’ Security Engineering & Response Team (ASERT) says that traditionally, DDoS extortion attacks were used against online gambling sites, around major sporting events. Criminal gangs would initiate attacks that would bring the Website down just before the event was to start, thus forcing the companies to choose between suffering a major loss in monetary and reputational terms or paying up. Increasingly, however, DDoS attacks are being used to extort money from all sorts of businesses and the reality is that no company should feel safe. Any business in the Middle East operating online – which means just about any type and size of organisation, can become a target, because of who they are, what they sell or who they partner with. Companies that are especially vulnerable to this type of attacks are those with no or limited DDoS protection or ones that lack the resources to deal with either volumetric or application layer based DDoS attacks.

Once the criminals choose a target, the attack usually follows one of two scenarios. Attackers either show off their skills by conducting a ‘sample’ DDoS attack on an organisation, which lasts for a short period of time and is followed by a threat of further attacks if ransom isn’t paid, or simply skip the display of power and proceed straight to the ransom request. The targeted company is then faced with two obvious choices – either pay up or brace itself for further attacks.

So what is the right response when it comes to extortion demands? The answer is simple and always the same – not to give in. Organisations in the Middle East should under no circumstances agree to pay the ransom – it can set a dangerous precedent and encourage more attacks in the future and while it might make the pain go away in the short term, the long term results are generally not worth it. Declining to pay comes, of course, with severe consequences – as we saw from recent attacks on Feedly, the popular RSS reader, who suffered from three, separate waves of DDoS attacks. However, the company has now recovered from the attack and is operating as normal. Furthermore, it has been praised for its brave decision by the security community and even its own customers.

Yet, rather than dealing with the aftermath of an extortion attempt, regional companies that rely on Internet availability to conduct business should be looking to invest in appropriate prevention. Many companies still rely on reactive measures such as router filters and firewalls, which are inefficient and not sophisticated enough to protect against organised cybercrime. Instead, organisations need to invest in preventive, multi-layered mitigation, which includes on premise and cloud protection, as well as allowing for co-operation with their ISP or hosting company. In addition, putting a mitigation strategy in place, should the worst happen, is of crucial importance – especially as only 17 percent of organisations globally feel they are fully prepared for a security incident[1].

By building defences, implementing plans ahead of time and refusing to give in, businesses needn’t feel threatened anymore – attackers wanting to make easy money will have to look elsewhere!

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: . You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post