Q

How enterprises can prepare for Project Blitzkrieg-style DDoS attacks

Expert Nick Lewis offers security measures that enterprises, particularly financials, can utilize to fend off Project Blitzkrieg-style DDoS attacks.

The announcement of the Project Blitzkrieg attacks has left me wondering how organizations should prepare for DDoS attacks that are linked to fraud operations. What specific precautions can organizations take in such a situation?


Project Blitzkrieg is the name given to a reported series of financial fraud attacks against large U.S. banks. The attacks were allegedly being committed by a group of criminals in an attempt to steal millions of dollars.

Unlike more common distributed denial-of-service (DDoS) attacks aimed at websites to overwhelm them with Internet traffic from botnets, Project Blitzkrieg DDoS attacks are largely dependent on malicious users who send traffic to banks in order to commit financial fraud and overwhelm the system. In this attack scenario, the customers of these banks are still able to use the banks' website. As Cormac Herley described in a research paper, the losses to individuals will most likely be covered by the banks for attacks like this, and the bottleneck is the people stealing the money, not the technology or security controls. Thus, the impacted consumers may not take sufficient steps to protect themselves from this type of fraud, but this could be an issue for the financial institutions.

Financial institutions can protect against these Project Blitzkrieg-style DDoS attacks by requiring out-of-band confirmation of financial transactions, delaying suspect transactions by several days or denying transactions involving certain other banks. Unfortunately, all of these security controls can be fairly easily bypassed, but these delay tactics could give banks more time to use their fraud-detection systems to spot the fraudulent transactions. More elaborate security mechanisms can be developed requiring transaction authentication, smartcards, biometrics or two-factor authentication. The attacks would likely continue, though, even with these methods implemented; ATM fraud and robberies still happen even when two-factor authentication is in place. These new controls could reduce the losses from crime, but the costs need to be evaluated to determine if they reduce the overall cost of financial fraud.

This was first published in May 2013
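The out-of-band confirmation, multi-day hold and bank deny-list described in the answer, combined into one release gate. This is an added example, not code from the original article; the hold length, amount threshold, bank identifier, field names and the fraud-flag input are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values; the article gives no concrete numbers.
HOLD = timedelta(days=3)             # "several days" delay for suspect transfers
SUSPECT_AMOUNT = 5_000               # hypothetical threshold
DENIED_BANKS = {"EXAMPLE-BANK-001"}  # constructed identifier
SAMPLE_T0 = datetime(2013, 5, 1, 9, 0)  # constructed submission time

@dataclass
class Transfer:
    amount: float
    dest_bank: str
    new_payee: bool
    submitted: datetime
    oob_confirmed: bool = False   # customer confirmed on a separate channel
    fraud_flagged: bool = False   # set by the fraud-detection system at any time

def is_suspect(t: Transfer) -> bool:
    """Assumed heuristic: first payment to a payee, or a large amount."""
    return t.new_payee or t.amount >= SUSPECT_AMOUNT

def decide(t: Transfer, now: datetime) -> str:
    """Return 'deny', 'await_confirmation', 'hold' or 'release'."""
    if t.dest_bank in DENIED_BANKS:
        return "deny"
    # A flag raised during the hold wins even over a valid confirmation:
    # the delay exists to give fraud detection time to reach this branch.
    if t.fraud_flagged:
        return "deny"
    if not t.oob_confirmed:
        return "await_confirmation"
    if is_suspect(t) and now < t.submitted + HOLD:
        return "hold"
    return "release"

def timeline(t: Transfer, days: int) -> list:
    """Decision for each whole day after submission, day 0 through `days`."""
    return [decide(t, t.submitted + timedelta(days=d)) for d in range(days + 1)]
```

The ordering of the checks matters: a confirmed transfer still waits out the hold, and a fraud flag set on any day before release turns the next decision into a denial.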
