Financial Crime World

State-Sponsored Actors Target US Financial Sector with DDoS Attacks

Recent Investigation Uncovers Evidence of State-Sponsored Actors

A recent investigation has uncovered evidence that state-sponsored actors have been targeting the United States financial sector with distributed denial-of-service (DDoS) attacks. The majority of the attack traffic originated from four Chinese internet service providers (ISPs), autonomous systems AS4134, AS4837, AS58453 and AS9394.

DDoS Attacks on the Rise

  • Recorded Future logged nearly 85,000 references to DDoS attacks between January and October 2021 from dark web and underground forum sources.
  • Criminals are increasingly using DDoS services to extort victims, with prices ranging from $20 to $300 for sustained attacks.

The Market for DDoS Attack Services

  • The market for DDoS attack services has been around for at least a decade, with the typical cost ranging from $50 to $200 per day.
  • The emergence of DDoS mitigation services such as Cloudflare has created new opportunities for criminals, who now offer more expensive attacks specifically designed to bypass these protections.

Notable Cases

  • In 2016, seven Iranians were charged in connection with Operation Ababil, a multi-phase series of DDoS attacks targeting multiple US financial institutions, including Bank of America, PNC, Capital One, Zions Bank, and JPMorgan Chase & Co.
  • In 2021, a Swedish financial institution was targeted with a DDoS attack that lasted for roughly three weeks and consisted of sustained attacks against multiple IP addresses.

Attack Pattern Analysis

  • Analysis of the attack pattern suggests that the attack was not sophisticated: it targeted the easily identifiable domains used for customer login rather than less obvious infrastructure.
  • A more sophisticated attacker could have taken the time to map the target's network using tools like Shodan, identifying exposed IP addresses where even a temporary disruption of connectivity would cause greater damage.

Types of DDoS Attacks

  • There are two main forms of DDoS attack: volumetric attacks and application-layer attacks.
    • Volumetric attacks flood the target with massed Layer 3 (e.g. ICMP) or Layer 4 (e.g. UDP) packets to exhaust bandwidth or device capacity; because these protocols are connectionless, the traffic is cheap to generate and easy to spoof.
    • Application-layer (Layer 7) attacks target a specific application or service, for example by sending a login page far more well-formed HTTP requests than it can serve. They need much less bandwidth and are harder to distinguish from legitimate traffic.
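The two attack types above, and the login-page targeting noted under Attack Pattern Analysis, look very different in telemetry. The following is an added example, not code from the original report or from any vendor it names: a first-pass triage routine over constructed flow records that flags a destination as the target of a volumetric (Layer 3/4) flood or of an application-layer login flood, and attributes the sources to autonomous systems. The flow format, the thresholds, the prefix-to-ASN table (documentation prefixes from RFC 5737 mapped to documentation ASNs from RFC 5398) and all traffic figures are assumptions made for the example.

```python
"""Added example: first-pass DDoS triage over constructed flow records.

Separates a volumetric (Layer 3/4) flood from an application-layer
flood aimed at a login path, and attributes sources to ASNs through a
hypothetical prefix table. All data below is constructed for the
example; none of it comes from the report this page summarizes.
"""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str           # "ICMP", "UDP" or "TCP"
    dport: int
    packets: int         # for decoded HTTP records: number of requests
    http_path: str = ""  # set only when the collector decoded HTTP


# Hypothetical prefix -> ASN table using documentation prefixes (RFC 5737)
# and documentation ASNs (RFC 5398). A real deployment would use an
# IP-to-ASN feed (BGP table or a commercial/route-views derived dataset).
PREFIX_TO_ASN = {
    ipaddress.ip_network("192.0.2.0/24"): 64496,
    ipaddress.ip_network("198.51.100.0/24"): 64497,
    ipaddress.ip_network("203.0.113.0/24"): 64498,
}

# Paths considered "expensive" login endpoints (assumed for the example).
LOGIN_PATHS = ("/login", "/signin", "/auth")


def asn_for(ip: str) -> Optional[int]:
    """Map a source address to an ASN; a linear scan is fine for disjoint /24s."""
    addr = ipaddress.ip_address(ip)
    for net, asn in PREFIX_TO_ASN.items():
        if addr in net:
            return asn
    return None


def triage(flows: List[Flow], window_s: float,
           pps_threshold: float = 50_000,
           login_rps_threshold: float = 500) -> Dict[str, dict]:
    """Return a verdict per destination: "volumetric", "application" or "benign".

    Thresholds are illustrative; tune them to the link capacity and the
    login service you actually protect.
    """
    by_dst: Dict[str, List[Flow]] = defaultdict(list)
    for f in flows:
        by_dst[f.dst].append(f)

    verdicts: Dict[str, dict] = {}
    for dst, fl in by_dst.items():
        pkts = sum(f.packets for f in fl)
        pps = pkts / window_s
        # Volumetric floods are overwhelmingly connectionless L3/L4 traffic.
        l34_pkts = sum(f.packets for f in fl if f.proto in ("ICMP", "UDP"))
        l34_frac = l34_pkts / pkts if pkts else 0.0
        # Application-layer floods look like ordinary HTTPS, just far too many
        # requests to one expensive endpoint (here: customer login).
        login_rps = sum(f.packets for f in fl
                        if f.http_path.startswith(LOGIN_PATHS)) / window_s

        # Attribute the traffic to source ASNs for reporting and upstream filtering.
        by_asn: Counter = Counter()
        for f in fl:
            by_asn[asn_for(f.src)] += f.packets
        top_asn, top_pkts = by_asn.most_common(1)[0]

        if pps >= pps_threshold and l34_frac >= 0.8:
            kind = "volumetric"
        elif login_rps >= login_rps_threshold:
            kind = "application"
        else:
            kind = "benign"
        verdicts[dst] = {
            "kind": kind,
            "pps": pps,
            "login_rps": login_rps,
            "top_asn": top_asn,
            "top_asn_share": top_pkts / pkts if pkts else 0.0,
        }
    return verdicts


# Constructed 10-second observation window.
WINDOW_S = 10
SAMPLE_FLOWS = [
    # UDP/53 flood at a public address: 600,000 packets in 10 s from two ASNs
    Flow("192.0.2.10", "10.0.0.5", "UDP", 53, 250_000),
    Flow("192.0.2.11", "10.0.0.5", "UDP", 53, 150_000),
    Flow("198.51.100.7", "10.0.0.5", "UDP", 53, 200_000),
    # HTTPS login flood: 8,000 requests to /login in 10 s from one /24
    Flow("203.0.113.20", "10.0.0.8", "TCP", 443, 2_000, "/login"),
    Flow("203.0.113.21", "10.0.0.8", "TCP", 443, 2_000, "/login"),
    Flow("203.0.113.22", "10.0.0.8", "TCP", 443, 2_000, "/login"),
    Flow("203.0.113.23", "10.0.0.8", "TCP", 443, 2_000, "/login"),
    Flow("198.51.100.9", "10.0.0.8", "TCP", 443, 40, "/"),
    # Ordinary browsing of a marketing site
    Flow("198.51.100.9", "10.0.0.9", "TCP", 443, 50, "/"),
]

if __name__ == "__main__":
    for dst, verdict in triage(SAMPLE_FLOWS, WINDOW_S).items():
        print(dst, verdict)
```

The point of the split verdict is operational: a volumetric finding is handled upstream (scrubbing, RTBH or flowspec announcements to the ISPs whose ASNs dominate the traffic), while an application-layer finding against the login host is handled at the edge (rate limiting, challenge pages, or temporarily serving the login path from a mitigation provider). A flood that is only 800 requests per second would never trip a bandwidth threshold, which is exactly why the login endpoint needs its own counter.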

Factors Contributing to the Increase in DDoS Attacks

  • The COVID-19 pandemic
  • The proliferation of IoT devices
  • The continued growth of bandwidth
  • Cybercriminals have discovered that many victims will reliably pay a ransom to stop an attack, making DDoS extortion a lucrative option for attackers.

Conclusion

As the financial sector continues to evolve and rely more heavily on digital transactions, it is crucial for institutions to prioritize DDoS protection and stay informed about the latest attack patterns and trends.