An article published in the New York Times last Wednesday touched off a media frenzy by suggesting that Iran has been behind the cyber attacks on US financial institutions that have been under way since late September of last year. While questions of forensics and culpability pose a particular challenge when it comes to cyber security, there are a number of unprecedented components to these attacks that should absolutely command our attention.
Now close to four months in, the US bank attacks are without doubt the longest persistent cyber attack on a single industrial sector in history. The question remains, however, how these attacks have managed to be as successful as they have been.
The answer lies in the innovative tactics the attackers have deployed:
Leveraging data centers and cloud-hosting providers – To be sure, these are not your garden-variety DDoS attacks. By exploiting the remote servers and cloud infrastructure that financial institutions rely on, the attackers have been able to amplify the attack using a toolkit dubbed “itsoknoproblembro.” Having taken over proxy servers, the attackers have consumed bandwidth, processing power and data storage in unprecedented amounts – amounts that these institutions simply cannot absorb.
Usage of server-based botnets – Another distinguishing feature of these attacks is the use of server-based botnets in place of attacks launched from a single server. Organizing multiple compromised servers into a single botnet has allowed for a significant increase in firepower and reliability, as well as more sophisticated command and control.
The rise of encrypted layer attacks – In addition to compromised data centers and server-based botnets, the perpetrators have launched attacks through the encrypted layers these institutions use to conduct secure financial transactions. Because the attack traffic is carried inside those encrypted sessions, many of these attacks have escaped early detection and flown below the radar, making them much more difficult to combat.
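The detection problem the last two tactics create (traffic concentrated on a few well-provisioned servers, arriving over TLS where a network sensor sees only ciphertext) is easiest to work at the point where the TLS session is terminated, because the reverse proxy or web server logs each decrypted request. The following Python script is an added illustration, not code from the article or from any of the institutions it discusses. It parses a constructed access log of the kind a TLS-terminating proxy writes, flags sources whose request rate within a sliding window crosses a threshold, and measures how concentrated the traffic is among the busiest sources. The log format, the addresses, the paths, the window and the threshold are all assumptions made for the example.

```python
"""Flag application-layer floods from a TLS-terminating proxy's access log.

Example code for illustration only: the log format, addresses, paths,
window length and threshold are assumptions, not values from any real
incident.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined-log-style line as written after TLS termination (assumed format;
# adjust the regex to whatever your proxy or web server actually emits).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?P<size>\d+|-)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    return rec


def flag_flooders(lines, window=timedelta(seconds=10), threshold=50):
    """Return {ip: peak_requests_in_window} for every source whose request
    count inside some sliding window of length `window` reaches `threshold`."""
    records = [r for r in map(parse_line, lines) if r]
    records.sort(key=lambda r: r["ts"])
    recent = defaultdict(deque)  # per-source timestamps inside the current window
    peak = defaultdict(int)
    for rec in records:
        dq = recent[rec["ip"]]
        dq.append(rec["ts"])
        while rec["ts"] - dq[0] > window:  # drop timestamps that fell out of the window
            dq.popleft()
        peak[rec["ip"]] = max(peak[rec["ip"]], len(dq))
    return {ip: n for ip, n in peak.items() if n >= threshold}


def source_concentration(lines, top_n=3):
    """Fraction of all requests issued by the `top_n` busiest sources.
    A few hosts dominating the log points at a handful of compromised
    servers rather than a broad flood from many consumer machines."""
    counts = defaultdict(int)
    for rec in map(parse_line, lines):
        if rec:
            counts[rec["ip"]] += 1
    total = sum(counts.values())
    if total == 0:
        return 0.0
    top = sorted(counts.values(), reverse=True)[:top_n]
    return sum(top) / total


def build_sample_log():
    """Constructed sample: one ordinary browser session plus two hosted servers
    (documentation-range placeholder addresses) hammering a search endpoint."""
    base = datetime(2013, 1, 10, 12, 0, 0, tzinfo=timezone.utc)

    def stamp(t):
        return t.strftime(TS_FMT)

    lines = []
    for i in range(6):  # ordinary user: six page views spread over a minute
        t = base + timedelta(seconds=10 * i)
        lines.append(f'203.0.113.7 - - [{stamp(t)}] "GET /account/summary HTTP/1.1" 200 5120')
    for ip in ("198.51.100.20", "198.51.100.21"):  # two noisy sources
        for i in range(120):  # 120 requests squeezed into eight seconds each
            t = base + timedelta(milliseconds=int(i * 8000 / 120))
            lines.append(f'{ip} - - [{stamp(t)}] "GET /search?q=%2A HTTP/1.1" 200 20480')
    return lines


if __name__ == "__main__":
    sample = build_sample_log()
    print("flagged sources:", flag_flooders(sample))
    print("share of traffic from top 2 sources:", round(source_concentration(sample, top_n=2), 3))
```

The per-source window catches a single noisy server; the concentration ratio is the complementary view, because a server-based botnet shows up as a short list of sources carrying almost all of the load, which is the opposite of what a legitimate customer population looks like. Both measures are only available once the request has been decrypted, which is why the encrypted-layer variant of these attacks is invisible to a sensor that inspects packets upstream of the TLS endpoint.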
While debates about who is to blame for the attacks will continue to raise more questions than answers, there can be no doubt that the introduction of these new tactics is evidence of an evolving cyber security landscape: one in which attacks are more sophisticated and more severe, and one that requires a new approach from security professionals moving forward.