http://www.prolexic.com/knowledge-center-white-paper-ddos-cyber-attacks-global-markets.html?cvosrc=3rdParty.NationalPositions.WP-Markets | A rising number of recent DDoS attack campaigns have targeted the financial industry. As a result, financial institutions are anxious, and governments are considering the national security implications associated with digital assaults against the critical economic infrastructure provided by financial firms, including trading platforms. Are DDoS cyber attackers trying to manipulate stock prices and trading markets? The DDoS experts in PLXsert think so. Learn more about this security threat in these excerpts from the Prolexic white paper.
2. www.prolexic.com
What is a DDoS cyber attack?
• DDoS: Distributed denial of service
• These cyber attacks can:
– Degrade an organizations’ online presence
– Restrict availability of its online services
• Attacks against the financial industry are growing
• Cyber attackers are interfering with
– Stock values
– Financial markets
– Commodity markets
3. www.prolexic.com
What is market manipulation?
• Deliberate and malicious interference with market
values
• Attempts to create an artificial price for a tradable
security
• DDoS cyber attacks have sought to:
– Reduce the availability of products and services from
publicly traded companies
– Shut down financial exchange platforms
– Harm consumer and investor confidence
4. www.prolexic.com
Malicious actor: L0ngWave99
• Responsible for Operation Digital Tornado
• Attack campaign ran for 3 months in early 2012
• Hit US securities and commodity exchanges
• Claimed to be motivated by political ideals
• Supported the Occupy Wall Street movement
• Harshly criticized policies of the U.S. government
and international finance institutions
5. www.prolexic.com
Malicious actor: Al-Qassam Cyber Fighters (QCF)
• Responsible for Operation Abibil
• Attack campaign ran for a year and a half – from
January 2012 through August 2013
• Hit American financial firms, U.S. securities and
commodities exchanges
• Used the itsoknoproblembro DDoS toolkit
• Believed to be located in the Middle East
• Promotes pro-Palestine and anti-Western rhetoric
6. www.prolexic.com
Examples of DDoS cyber targets
• Country of Estonia
• Individual firms
– Global media and entertainment company
– Large national oil and natural gas company
• Exchanges
– Hong Kong Stock Exchange news site
– Online finance and trading platform
– U.S. securities and commodities exchanges
– Bitcoin exchange
Details are available in the complimentary white paper, DDoS
Attacks Against Global Markets
7. www.prolexic.com
Underground market services malicious clients
• Robust DDoS-as-a-Service marketplace
• DDoS tools available:
– Vary from simple to complex
– Permit the orchestration and management of large
numbers of zombie bots
• Clients rent ready-to-use botnets
• New! Flexible usage-based botnet pricing
– Adjusts the rental fee based on the size of the botnet
desired by a customer
8. www.prolexic.com
What’s next?
• Insurgency groups migrate their tactics online
– They adopt hacktivist iconography
– They target American and Western organizations
• Financial industry works to be better prepared for
future DDoS cyber attacks
• Attacks spread to other industry verticals,
wherever the most damage can be inflicted
• Organizations that are hit while unprepared will
suffer losses of public and investor confidence
9. www.prolexic.com
White paper: DDoS Attacks Against Global
Markets
• Download the white paper, DDoS Attacks Against
Global Markets in which PLXsert shares its insight into
the use of DDoS cyber-attacks to influence stock prices
and limit trading, including:
– Market manipulation
– 10 DDoS attack campaigns and their market effects
– Perpetrators, their attack methods and public statements
– Types of malicious actors and their motives
– Three groups responsible for most attacks
– Underground ecosystem that supports DDoS cyber attackers
10. www.prolexic.com
About Prolexic
• Prolexic Technologies is the world’s largest and
most trusted provider of DDoS protection and
mitigation services
• Prolexic has successfully stopped DDoS attacks for
more than a decade
• Our global DDoS mitigation network and 24/7
security operations center (SOC) can stop even the
largest attacks that exceed the capabilities of other
DDoS mitigation service providers