New details have emerged about the attack toolkit that was used to launch the distributed denial of service (DDoS) attacks against a number of US-based financial institutions late last month.
The majority of the banking attack traffic does not appear to have been generated by client bots, but rather from compromised servers in data centers, Carl Herberger, vice-president of security solutions at Radware, told SecurityWeek on Thursday.
The “itsoknoproblembro” toolkit was not what compromised those servers in the first place; Radware believes the servers were already under the attackers' control before they were loaded with the DDoS attack kit, Herberger said.
The U.S.-based financial institutions that fell under attack in late September included Bank of America, JPMorgan Chase and PNC Bank, among others. While not all of the institutions confirmed being hit by denial of service attacks, they all experienced extremely high traffic volumes that affected the availability of their sites within days of each other.
Because the denial of service traffic originated from servers inside data centers, rather than from a large botnet or a series of client machines, it could bypass the security mechanisms in place, Herberger said. Those servers generally have a trust relationship with the endpoints they serve, so malicious traffic coming from them looks like internal traffic and abuses that relationship, Herberger said.