A FINRA memo dated June 19, 2015 announces: An increasing number of member firms have been subjected to DDoS attacks originating from a cyber-criminal group called DD4BC.
This is the latest in ongoing efforts by cyber criminals to extort money and disrupt online businesses. The cyber-crime group DD4BC is one of the most active in launching DDoS attacks against industries, demanding ransom payments in exchange for restoring website service. Many businesses do not understand what a DDoS attack is or how one occurs, nor do they know what to do if they become the target of an attack.
Ransom demands on large firms can run from several thousand to hundreds of thousands of dollars in Bitcoin. The danger in paying the ransom to DDoS blackmailers is that it encourages further attacks. In some cases the attackers will make repeated attacks and repeated blackmail demands.
FINRA is notifying financial and securities firms to be on the lookout for these types of attacks and be prepared with a plan in place to mitigate damages and reduce business disruption.
Attacks on FINRA Member firms and Financial Services
The DDoS attacks FINRA is cautioning about render a website or network unavailable for its intended users by sending an overwhelming number of incoming messages to the website, causing the site to “fail to load” or show as “unsecure” when legitimate users try to access it.
Cyber Crime Group DD4BC makes extortion demands on targeted systems
The end goal for DD4BC criminals in these attacks is extortion. DD4BC criminals will first send a firm an email announcing their plan to target the website with a DDoS attack. They further state that the attack can be avoided by paying a ransom in Bitcoin. To prove they are serious, DD4BC launches a minor attack, with the threat of larger attacks if the ransom is not paid within 24 hours.
A bounty on the DD4BC cyber crime group
The Bitcoin community and other firms are fighting back. A recent threat to Bitalo.com (a bitcoin exchange firm) resulted in Bitalo offering a reward of 100 times the amount DD4BC had asked for. Other would-be blackmail victims have also pledged bitcoin rewards for information leading to the arrest and conviction of DD4BC criminals.
What to do if faced with an attack:
A firm's first point of contact in the event of an attack is the local FBI office, Cyber Crimes division. The FBI works diligently to track and capture these cyber criminals. The earlier it has information about an attack, the better its chances of locating the criminals and alerting other firms to the danger. Additionally, FINRA asks that financial firms notify the SEC and FINRA, which will use the information to gauge the extent of industry attacks and help firms stop these crimes.
Prepare in advance for an Attack:
Most DDoS attacks start as a sharp spike in traffic. Familiarize yourself with typical inbound traffic statistics for your website by auto-generating reports to monitor traffic on a daily and weekly basis.
Work with your website host to “overprovision” bandwidth for your website. This can often be done for very little additional cost. While it is not likely to prevent damage from an attack, it can add a few minutes of lead time. Many hosting companies can also set up alerts to notify you of a sudden spike in bandwidth usage.
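To make the baseline-and-spike advice above concrete, here is an added example in Python (not from the FINRA memo or this post): it parses constructed access-log lines in the common combined log format, computes requests per minute, flags minutes far above the median minute, and lists the busiest sources for those minutes so they can be handed to the host or ISP. The log lines, IP ranges (documentation ranges) and threshold values are constructed assumptions, not real traffic.

```python
import re
from collections import Counter
from datetime import datetime
from statistics import median

# Combined log format line (nginx/Apache default access log).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" \d{3} (?:\d+|-)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def build_sample_log():
    """Constructed sample, not real traffic: ten quiet minutes of 10 requests
    from varied clients, then two minutes of 400 requests from eight sources."""
    lines = []
    for minute in range(12):
        flood = minute >= 10
        for i in range(400 if flood else 10):
            ip = f"198.51.100.{i % 8 + 1}" if flood else f"203.0.113.{i + 1}"
            lines.append(f'{ip} - - [19/Jun/2015:09:{minute:02d}:{i % 60:02d} +0000] '
                         f'"GET / HTTP/1.1" 200 512')
    return lines

def parse(lines):
    """Yield (minute bucket, client ip) per parseable line; skip garbage lines."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), TS_FMT)
            yield ts.replace(second=0), m.group("ip")

def requests_per_minute(lines):
    """The per-minute inbound rate that forms your traffic baseline."""
    return Counter(minute for minute, _ in parse(lines))

def spike_minutes(counts, factor=5.0, floor=20):
    """Minutes above `factor` x the median minute (median is robust to the spike
    itself), but never below `floor` so a quiet site does not alert on noise."""
    baseline = median(counts.values()) if counts else 0
    threshold = max(floor, factor * baseline)
    return sorted(m for m, c in counts.items() if c > threshold)

def top_sources(lines, minute, n=3):
    """Busiest client IPs in one minute, the detail a host or ISP needs to filter."""
    return Counter(ip for m, ip in parse(lines) if m == minute).most_common(n)

if __name__ == "__main__":
    log = build_sample_log()
    per_min = requests_per_minute(log)
    for minute in spike_minutes(per_min):
        print(f"{minute:%H:%M}: {per_min[minute]} req/min, top {top_sources(log, minute)}")
```

On a real server, feed the access log in place of `build_sample_log()` and run it from the daily or weekly report job the memo recommends; the median baseline should be learned from normal days, not from the day of the attack.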
What is your response plan:
Prevention is the best strategy. Have your system evaluated for best practices before an attack starts. If you need help there are DDoS mitigation firms that specialize in securing IT systems to detect, monitor, and block attacks. Determine where your system is weak and make changes to improve security.
Have a contingency plan in place to reach customers if the firm’s website is unavailable. Alternative communication methods include customer service phone support and cloud-based communication portals.
Maintain email and VoIP phone service on a different server than your website. DDoS attacks tend to cripple everything on the affected server. Segregating services onto separately hosted network connections adds a layer of protection for confidential email lists and customer data.
What to do if you are under attack:
Call your website hosting company or ISP to let them know what is happening. They may be able to adjust the routing of your traffic and prevent malicious traffic from reaching your website.
DDoS mitigation and monitoring services can also provide assistance. If needed, website hosts and ISPs can direct you to a company that specializes in scrubbing and diverting traffic while you are under DDoS attack.
If the attack lasts a relatively long time, direct your site to a hosted “We Are Down” landing page for customers. Use the page to provide customers with alternative ways to reach your firm. This will reassure your customers and save them the frustration of multiple unsuccessful attempts to reach your company online.