International Cyber Attacks: International cyber-attacks, especially Denial-of-Service (DoS) attacks, typically originate overseas and elude prosecution by local jurisdictions. DoS attacks are usually considered anonymous in nature due to IP spoofing, the lack of international regulations, and the lack of international cooperation. Although some DoS prevention technologies exist, they become obsolete and are circumvented over time as DoS attacks become increasingly prevalent and sophisticated. Therefore, network providers are forced to resort to approaches that simply contain and mitigate DoS attacks.
DoS Background: Although the risk may vary, all systems, networks and formats are vulnerable to DoS. When a DoS attack occurs, administrators need to classify it as a potential cyber-security breach within their network. As connection availability becomes exhausted, attackers/bots scout and probe for vulnerabilities (especially in financial networks). Overloading the resources of the network causes execution and function anomalies, which may allow attackers to anticipate and exploit known vulnerabilities in the network. Moreover, for a DoS it does not matter whether the system is LAMP or ASP.NET. The duration of a DoS attack can vary.
To better understand DoS, it may be helpful to compare traffic on the web to traffic on a highway. When a highway is congested with traffic, the flow of, or response to, requests for service is diminished or halted. Thus, a network administrator's goal would be to reduce events of high or useless traffic. However, network administrators usually understand that countermeasures for DoS are only a way to curb or contain a DoS outcome, and that they may have no absolute control to prevent DoS. It would be unrealistic to expect that all DoS risks on a network could be addressed. In addition, DoS attacks become more sophisticated and countermeasures become obsolete over time. Nevertheless, network administrators endeavor to stop a DoS from completely flooding and shutting down the system. This is further evidenced by Google Search, which has a CAPTCHA safeguard. One of its purposes is to prevent bots from contributing to a DoS when the system detects unusual user behavior.
CMS Systems: Many vulnerabilities can exist in CMS (Content Management System) platforms such as WordPress, Joomla and Drupal. Attackers always have access to the source code of these platforms because it is public. Attackers regularly review the updated scripts and search for vulnerabilities and opportunities to inject code and files. In some cases, this relates to DDoS attacks, such as the widely known exploitation of the xmlrpc.php pingback issue. Ultimately, the attackers learn where the vulnerabilities are located when security updates are announced to the platform's online community. These attackers simply target such vulnerabilities on sites that have not yet updated and implemented the new files. Depending on their sophistication, the attackers or their bots might first check whether certain sites have updated yet by checking the system's change log file. Alternatively, the attackers blindly send requests to all known targets, even though this uses additional resources. In addition, various plugins or widgets can likewise introduce security vulnerabilities.
List of Companies: The following large institutions have been victims of a DoS attack:
- Bank of America
- JPMorgan Chase
- Wells Fargo
- U.S. Bank
- U.S. Federal Reserve
Intentional vs. Unintentional DoS
Intentional:
- to steal money or gain access to financial account information
- for nefarious SQL injection purposes, to inject new code or executable files
- to cause malicious downloads of malware to visitors in order to gain access or information
- to disrupt business operations
- to make a political statement
- to blackmail
Unintentional:
- the popularity of a website (typically links from high-traffic sites) drives unusually high traffic to the server