Aug 28 2020

What Are DDoS Attacks, and How Can Banks Defend Against Them?

With potentially millions of dollars at stake, downtime is more than just a customer service problem for financial institutions.

Dependability is crucial to any business. Customers come to organizations with the expectation that products and services will be delivered on time. This is perhaps nowhere more critical than at financial institutions, whose services are among the most important and personal to customers.

Such customer relationships, built on trust and reliability, can be shattered in the wake of a distributed denial of service attack. A DDoS attack can prevent customers from being able to access their finances, striking at the core of that trust — after which it may not be possible for a financial institution to rebuild the relationship. 

A disruption in service can lead to disgruntled customers in any industry. But for financial institutions, downtime can lead to lost revenue for both the organization and its customers. For example, when investment app Robinhood crashed twice in two days earlier this year, users lost out on potential investments. Many threatened the company with a class-action lawsuit, according to CNN, and Robinhood had to apologize with account credits.

At a time when more business is being conducted online, it’s more important than ever for organizations to have the right tools in place to mitigate a DDoS attack. 


What Is a DDoS Attack?

A denial of service attack is a malicious attempt to disrupt a targeted service, server or network by flooding it with overwhelming internet traffic. This internet traffic can be pointed directly at the targeted system or at the surrounding infrastructure to slow down the service. When multiple sources team up to disrupt service, it’s known as a distributed denial of service attack.

In order to carry out a DDoS attack, bad actors must gain control of a large network of online machines. This network can include computers, Internet of Things devices or other machines, all of which form what’s called a botnet. The botnet, according to a white paper from the Center for Internet Security, is then leveraged to carry out the attack.

“When an attacker uses a botnet to perform the DDoS attack, they send instructions to some or all of the zombie machines connected to that botnet, thereby magnifying the size of their attack, making it originate from multiple networks and possibly from multiple countries,” the white paper notes. 

Since each machine is a legitimate internet device, it can be difficult to distinguish between botnet traffic and normal traffic from users who are trying to access the service. This makes it challenging to isolate the attack by separating out the botnet. 

Types of DDoS Attacks: HTTP GET Flood, SYN Flood and Layer 7 Attacks

Different types of DDoS attacks target different parts of service connectivity. The two most common types are SYN flood and HTTP GET flood, according to a Fortinet white paper. These attacks “are used to overwhelm network connections or overload the servers behind firewalls and intrusion protection services (IPS),” by using botnets to flood the connection the same way legitimate users would try to access the site or service.

HTTP floods are part of a larger grouping of DDoS attacks that target the application layer of network connectivity (Layer 7). Application layer attacks are often more sophisticated and require additional mechanisms to carry out.

“Rather than simply flooding a network with traffic or sessions, these attack types target specific applications and services to slowly exhaust resources at the application layer,” the Fortinet white paper states. 

“Application-layer attacks can be very effective at low traffic rates, and the traffic involved in the attacks can be legitimate from a protocol perspective. This makes application-layer attacks harder to detect than other DDoS attack types. HTTP Flood, DNS dictionary, Slowloris, etc., are examples of application-layer attacks.”

How Can DDoS Attacks Be Harmful During Remote Work?

Any kind of service disruption is going to throw a wrench into business, particularly in the financial sector where the flow of money is at the core of the industry. But now that large portions of the workforce are doing their jobs from home, it is particularly important that network connections remain unimpeded.


Customers' inability to access financial services can be problematic enough, but a DDoS attack amid widespread remote work could also cripple access for bank employees, bringing operations to a halt — and also raising questions about trust and reliability among customers, many of whom may be experiencing financial hardship amid economic uncertainty.

The threat has increased as well. Kaspersky found that DDoS attacks in the first quarter of 2020 were up 80 percent over Q1 2019, and doubled from Q4 2019. That research also found that the average DDoS attack in Q1 2020 lasted 24 percent longer than the previous year.

Recommended Tools for Preventing a DDoS Attack

This increased risk coupled with higher stakes means that businesses can’t afford to put DDoS mitigation on the back burner. Defending against DDoS attacks begins with being able to distinguish between legitimate traffic and traffic that stems from the attack. 

One tool that can help with this is a web application firewall. WAFs can filter, monitor and even block HTTP traffic to a web application, serving as a proxy to keep out potential zombie machines that might be part of a DDoS attack.  
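As an added illustration (not from the article or any vendor's product), the sketch below shows the kind of sliding-window counting a filtering layer can apply to HTTP GET traffic. It counts per client and also per path, because a flood spread across many legitimate-looking machines stays under any per-client limit. The log format, the limits and the sample lines are all assumptions constructed for this example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = 10          # seconds in the sliding window (assumed value)
CLIENT_LIMIT = 20    # GETs allowed per client per window (assumed value)
PATH_LIMIT = 100     # GETs allowed per path per window, all clients (assumed)

def sample_log():
    """Constructed log lines: '<ISO time> <client IP> <method> <path>'."""
    t0 = datetime(2020, 8, 28, 12, 0, 0)
    rows = []
    for i in range(50):    # one client sending 50 GETs in about 5 seconds
        rows.append((t0 + timedelta(milliseconds=100 * i), "203.0.113.9", "GET", "/login"))
    for i in range(150):   # 150 clients, one GET each, within 8 seconds
        rows.append((t0 + timedelta(milliseconds=50 * i), f"198.51.100.{i}", "GET", "/search"))
    for i in range(5):     # an ordinary customer browsing
        rows.append((t0 + timedelta(seconds=2 * i), "192.0.2.10", "GET", "/accounts"))
    rows.sort()
    return [f"{t.isoformat()} {ip} {method} {path}" for t, ip, method, path in rows]

def detect_get_flood(lines, window=WINDOW, client_limit=CLIENT_LIMIT, path_limit=PATH_LIMIT):
    """Return (clients, paths) whose GET count in any window exceeds its limit."""
    per_client, per_path = defaultdict(deque), defaultdict(deque)
    noisy_clients, hot_paths = set(), set()
    for line in lines:
        stamp, ip, method, path = line.split()
        if method != "GET":
            continue
        now = datetime.fromisoformat(stamp).timestamp()
        for key, table, limit, flagged in (
            (ip, per_client, client_limit, noisy_clients),
            (path, per_path, path_limit, hot_paths),
        ):
            hits = table[key]
            hits.append(now)
            while hits[0] <= now - window:   # drop hits older than the window
                hits.popleft()
            if len(hits) > limit:
                flagged.add(key)
    return noisy_clients, hot_paths

if __name__ == "__main__":
    clients, paths = detect_get_flood(sample_log())
    print("clients over limit:", sorted(clients))
    print("paths over limit:", sorted(paths))
```

On the constructed sample, the single heavy client is caught by the per-client counter, while the 150 one-request clients are visible only through the per-path counter.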

Organizations also must be prepared to respond if they are the victims of a DDoS attack. Having a disaster recovery plan is critical, as it will allow the organization to maintain operations while such an attack is ongoing — ensuring business continuity despite unforeseen circumstances. 

Maintaining the reliable delivery of products isn’t only a customer service issue, it’s also a security issue. For businesses to avoid big losses during a DDoS attack, they must put the proper solutions in place and plan for how they can continue operations around it.
