Under the hood of recent DDoS Attack on U.S. Banks


Incapsula security study reveals how a simple neglect in managing the administrative password of a small UK site was quickly exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks.

under the hood of cyber attack on US : ehack

under the hood of cyber attack on US : ehack

If you’ve been following the news, you are probably aware of a wave of DDoS attacks that recently hit several major U.S. banks. Izz ad-Din al-Qassam, a hacker group that claimed responsibility for these attacks, declared them to be a retaliation for an anti-Islam video that mocked the Prophet Muhammad and a part of the on-going “Operation Ababil.”

As the reports of the attack started to roll in, Incapsula security team was able to uncover one of the secret foot-soldiers behind the assault: a compromised general-interest UK-based website that was trying to hurl large chunks of junk traffic at three of the world’s largest financial institutions (PNC, HSBC and Fifth Third Bank).

Cyber attack on US bank : ehack

Cyber attack on US bank : ehack

At On the eve of the attack, this website suddenly became a focal point of a rapidly -increasing number of security events, caused by numerous requests with encoded PHP code payload. Incapsula was able to intercept these requests and traced them back to a backdoor shell that was used to hijack the site.

The backdoor was installed before the website on-boarded Incapsula, and yet the cause of security breach was clear. The administrative password was…you guessed it: admin / admin.

Cyber attack on US bank : ehack

Cyber attack on US bank : ehack

After decoding the incoming PHP requests, the security team could clearly identify them as DDoS attack commands, originating from a Turkish web design company website which was used as a remote Botnet C&C. From the looks of it, the Turkish website was also compromised and used as an additional buffer between the real hacker and its U.S. based targets.

Further investigation showed that the UK website was a part of a Botnet for Hire which was working in “shifts” to produce HTTP and UDP flood attacks. As Incapsula team continued to block and monitor incoming DDoS commands, they saw that the list of targets went beyond American banks, also including e-commerce and commercial websites from several other countries.

Incapsula published the full description of the DDoS attack in the company blog, concluding it by saying that this was just another demonstration of how security on the Internet is always determined by the weakest link. Simple neglect in manage the administrative password of a small UK site, can very quickly be exploited by Botnet shepherds operating obscurely out of Turkey to hurl large amounts of traffic at American banks.

Incapsula Security Analyst, Ronen Atias said: “This is a good example of how we are all just a part of a shared ecosystem where website security should be a shared goal and a shared responsibility.”

Original post at –thehackernews

Thanks for reading. hope it might helped you.
http://ehack.thegeoadventure.com/

Advertisements

Posted on January 11, 2013, in cyber crime, hacking and tagged , . Bookmark the permalink. 1 Comment.

  1. Wow, fantastic weblog layout! How lengthy have you been
    blogging for? you made running a blog glance easy. The total glance of your web site is excellent,
    let alone the content material!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: