One challenge is that the attacks are not coming from known malicious sources. Therefore the traditional line of defense — keeping a blacklist of cybercriminals, chains and groups that can be prevented from accessing a web server — doesn't work.
Attackers can also spoof IP addresses, so the identity of the incoming user is easily muddled. "These reports are coming out of Iran, but there are plenty of countries, people and competitors that want to diminish the effectiveness of websites for banks and companies everywhere," says Marty Meyer, CEO of Corero Network Security in Hudson, Mass. "To me, this is a cyberwar and people have to be prepared to protect themselves against it."
In a distributed denial of service attack, a web server is flooded with so many requests from multiple sources that it struggles to keep up and therefore its performance is slowed and sometimes stopped altogether. This does not necessarily lead to theft or even access to any sensitive information, but it is extremely inconvenient for banks and their online banking customers. "All the banks now are scrambling to figure out what to do," observes Meyer. "I think these hacktivists want to create some sort of doubt in the American consumer in the financial institutions, and create instability that way."
But this is a cyber war that can be won, he and others say. "It requires a layered approach, but it's totally preventable," Meyer says. "A lot of the articles out there have people throwing up their hands saying 'What can we do?' which is really scary if you're a consumer and your money's in the bank. There are really good technologies out there." Here are some examples of solutions to help banks before, during and after a DDOS attack.
Many companies offer security intelligence services that similarly alert banks to potential security threats. Dell SecureWorks has a counter-threat unit made up of white-hat hackers that delivers a quarterly trend analysis report and an hourly XML feed that can be ingested by a company's security controls.
"Firewalls aren't really designed to do that, they don't really protect the servers from a variety of DDOS attacks that are out there, known as application layer attacks, which are very sophisticated attacks that look like normal customer traffic," Meyer says.
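As an added illustration of the two flood shapes described above (a server swamped from many sources, and application-layer traffic that looks like ordinary customers), here is a small access-log detector that is not part of the article or any vendor's product; the log lines, IP addresses and thresholds are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed access-log lines: '<ISO timestamp> <source IP> <path>' (not real data)."""
    base = datetime(2012, 9, 20, 10, 0, 0)
    lines = []
    # Minute 0: ordinary customer traffic, a handful of users, a few pages each.
    for i in range(5):
        for path in ("/", "/login", "/accounts"):
            lines.append(f"{(base + timedelta(seconds=i)).isoformat()} 203.0.113.{i} {path}")
    # Minute 1: a single noisy source hammering the login page (easy to block per IP).
    for i in range(150):
        lines.append(f"{(base + timedelta(minutes=1, seconds=i % 60)).isoformat()} 198.51.100.9 /login")
    # Minute 2: an application-layer flood spread over 300 sources, each sending only
    # three plausible requests, so no single address ever exceeds a per-IP limit.
    for i in range(300):
        for path in ("/login", "/accounts", "/statements"):
            lines.append(f"{(base + timedelta(minutes=2, seconds=i % 60)).isoformat()} 10.0.{i // 250}.{i % 250 + 1} {path}")
    return lines

def parse_line(line):
    ts, ip, path = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip, path

def detect_floods(lines, per_ip_limit=100, total_limit=500):
    """Bucket requests per minute and report two kinds of flood.

    'single_source': one IP alone exceeds per_ip_limit in a minute.
    'distributed'  : no IP is individually noisy, yet the minute's total exceeds
                     total_limit, i.e. the flood only shows up in the aggregate.
    """
    per_minute = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ts, ip, _ = parse_line(line)
        per_minute[ts.replace(second=0, microsecond=0)][ip] += 1
    findings = []
    for minute in sorted(per_minute):
        counts = per_minute[minute]
        noisy = sorted(ip for ip, n in counts.items() if n > per_ip_limit)
        if noisy:
            findings.append({"kind": "single_source", "window": minute.isoformat(), "detail": noisy})
        elif sum(counts.values()) > total_limit:
            findings.append({"kind": "distributed", "window": minute.isoformat(), "detail": len(counts)})
    return findings

if __name__ == "__main__":
    for f in detect_floods(build_sample_log()):
        print(f)
```

The second finding is the case the quote is about: per-IP blocking and a stateless firewall see nothing wrong, and only the aggregate request rate against the application reveals the flood.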