
According to the Armed Forces, Swedish military computers were hacked and consequently used in an attack targeting major United States banks back in 2013.

The attack took out the websites of 20 major U.S. banks and financial institutions, in some cases for several days. Military spokesman Mikael Abramsson claims a server within Sweden’s defense system had a flaw that was abused by hackers to carry out the malicious attacks.

The vulnerable servers were used in a DDoS attack that struck the websites of major banks like Citigroup, Capital One and HSBC with overwhelming requests for information. The attacks started back in 2012 and continued uninterrupted for months, earning this breach the distinction of being the biggest ever reported at the time of the attack.

The attacks were initially blamed on Iran, with claims that they were in retaliation for political sanctions and previous cyber-attacks on its own systems.

But Sweden is not solely to blame: various other vulnerable servers around the world were used to execute the attack, and together they created an internet traffic jam so powerful that it knocked the banks ‘offline’.

According to Abramsson, “The hacking attack was a kind of wake-up call for us and forced us to take very specific security steps to prevent such a thing from happening again.”

Conducting DDoS attacks and disabling an organization's web presence has become easier than ever before. However, this type of attack also remains one of the most difficult to defend against. According to NNT’s CTO, Mark Kedgley, “DDOS remains one of the most difficult attacks to defend against - by definition, the attack is perpetrated simultaneously from large numbers of devices including home and business users wherever a Trojan has been deployed. This makes the standard countermeasure for DDOS - blocking/blacklisting associated IP addresses - extremely hard.”

As these large attacks become increasingly common, it’s time to defend against DDoS! One route is to prevent the establishment of botnets; this will require being malware-aware and abiding by best security practices. Once a botnet is invoked, organizations should isolate the malware responsibly and get it removed before any damage is done.

For some helpful tips on how to mitigate the damage done by a DDoS attack, see our How To Protect Yourself - DDoS Learning Curve article.

 

Read this article on Security Week
