Threat Alert

by IthacaLabs™

THREAT LEVEL: High 07/09/2020

New campaigns of DoS and DDoS attacks targeting finance and business organizations

Threat Level Description

Threat Level: High - An attack is highly likely. Additional and sustainable protective security measures are warranted, reflecting the broad nature of the threat combined with specific business and geographical vulnerabilities and judgments on acceptable risk.

Description

We have observed new campaigns of denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks being identified worldwide.

According to the Cybersecurity and Infrastructure Security Agency (CISA), these DoS and DDoS attacks are targeting finance and business organizations all over the world, causing disruption of critical services.

A DoS attack is accomplished by flooding the targeted host or network with traffic until the target cannot respond or simply crashes, preventing access for legitimate users. In a DDoS attack, the incoming traffic originates from many different sources, making it impossible to stop the attack by blocking a single source.

These attacks can cost an organization both time and money while their resources and services are inaccessible.

CVE(s)

N/A

Affected Systems

N/A

Recommendation(s)

The guidelines below will help you protect against DDoS attacks and their associated security threats:
* Create a DDoS response plan.
* Determine what functionality and quality of service is acceptable to legitimate users of online services, how to maintain such functionality, and what functionality can be lived without during denial-of-service attacks.
* Protect organization domain names by using registrar locking and confirming that domain registration details (e.g. contact details) are correct.
* Partition critical online services (e.g. email services) from other online services that are more likely to be targeted (e.g. web hosting services).
* Temporarily transfer online services to cloud-based hosting provided by a major cloud service provider (preferably by multiple major cloud service providers, to obtain redundancy) with high bandwidth and content delivery networks that cache non-dynamic websites. If using a content delivery network, avoid disclosing the IP address of the origin web server, and use a firewall to ensure that only the content delivery network can access this web server.
* Use an on-premise DDoS solution as part of a defense-in-depth approach: on-premise DDoS defense solutions installed immediately in front of application and database servers are required to provide a granular response to flooding-type attacks, as well as to detect and deflect the increasingly frequent application-layer DDoS attacks.
* Maintain continued vigilance.
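The origin-server lockdown recommended above (only the content delivery network may reach the web server) can be expressed as a host firewall ruleset. The following shell function, added here as an illustration and not part of the IthacaLabs alert, generates an nftables ruleset for an origin web server; the CDN and admin CIDR ranges it is called with are constructed placeholders that must be replaced with the CDN's published edge ranges and your own management network.

```shell
#!/bin/sh
# gen_origin_ruleset: print an nftables ruleset that allows HTTP/HTTPS to the
# origin web server only from the CDN's edge ranges, keeps SSH reachable from an
# admin network, and drops (while counting) everything else.
#   $1  whitespace-separated list of CDN edge CIDRs (IPv4)
#   $2  comma-separated TCP ports served to the CDN, e.g. "80, 443"
#   $3  admin CIDR allowed to reach SSH (tcp/22)
gen_origin_ruleset() {
    ranges="$1"
    ports="$2"
    admin_cidr="$3"

    # Join the CIDRs into an nftables set element list: "a/24, b/24".
    set_elems=""
    for r in $ranges; do
        set_elems="${set_elems:+$set_elems, }$r"
    done

    cat <<EOF
table inet origin_guard {
    set cdn_edges {
        type ipv4_addr
        flags interval
        elements = { ${set_elems} }
    }
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # Only the CDN may fetch content from the origin.
        ip saddr @cdn_edges tcp dport { ${ports} } accept
        # Management access from the admin network only.
        ip saddr ${admin_cidr} tcp dport 22 accept
        # Direct-to-origin attempts that bypass the CDN: count them, since a
        # rising counter is a signal that the origin address has leaked.
        tcp dport { ${ports} } counter drop
    }
}
EOF
}

# Example with constructed placeholder ranges (RFC 5737 documentation space);
# apply with: gen_origin_ruleset ... | nft -f -
gen_origin_ruleset "192.0.2.0/24 198.51.100.0/24" "80, 443" "203.0.113.0/24"
```

Check the generated text with `nft -c -f -` before loading it, and keep the CDN range list refreshed from the provider's published source so legitimate edges are not dropped.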
