DDoS attacks now a growing menace
03 March 2005
Cyber criminals are targeting businesses to defraud, steal intellectual property and extort money by menace, says CITEC's partner in email security and management services, MessageLabs.
MessageLabs' Senior Anti-Virus Technologist, Alex Shipp says a pattern is emerging that betrays a modern technological exploitation of some traditional activities favoured by organised crime gangs - protection racketeering, extortion, money laundering, fraud and blackmail.
"A growing menace is the distributed denial of service (DDoS) attack, where someone targets your web site or email system by deliberately swamping your servers with thousands of simultaneous connections from a botnet army under their control," Alex said.
"It could be hostile action by a competitor wishing to damage your business or, increasingly likely, an act of old-fashioned extortion that threatens a DDoS attack unless a ransom demand is paid."
A recent case involved a US businessman, charged with deliberately launching DDoS attacks against three of his competitors who, he claimed, had stolen material from him and had launched DDoS attacks against his own business.
The perpetrator allegedly hired criminally-motivated hackers to flood the target e-commerce web sites with thousands of requests for image downloads. The result was that one competitor's site was forced to go offline for 12 hours, another for two weeks.
"Significantly, the hackers-for-hire were reported to have networks of between 5,000 and 10,000 zombie computers at their disposal, through which they could co-ordinate massive pressure on the target sites," Alex said.
"Botnets, as they are called, are networks of compromised PCs that have been hijacked surreptitiously by hackers, unbeknown to their owners. These PCs can then used to launch spam transmissions in massive volume.
"Botnets now represent a huge asymmetric risk to businesses because the defence mechanisms required to mitigate such an attack are hugely expensive, whilst renting a botnet remains a negligible cost."
CITEC's Director Infrastructure Management, Phil Murray, says the growing emergence of organised crime in the Internet fraud arena further endorses the need for businesses to protect themselves comprehensively from email security threats.
"A piecemeal approach to email security leaves a company dangerously exposed to a range of electronic threats," Phil said.
"Organisations that fail to adopt an in-depth defensive security strategy are vulnerable, and will struggle to stay ahead of emerging threats, such as DDoS attacks.
"CITEC partners with email security leaders such as MessageLabs to provide comprehensive security solutions to protect your business data and networks at all levels.
"We offer a complete lifecycle approach to identify the most suitable security strategy and solution.
"This approach includes a security audit, design and procurement, as well as product integration, management and reporting," he said.
For more information about CITEC's security solutions view our email screening security solutions.
More about MessageLabs
MessageLabs is the leading provider of managed email security services to businesses based on market share, according to the Yankee Group Security Solutions & Services, February 2004 Report. The company offers industry-leading managed Anti-Virus, Anti-Spam, Image Control and Content Control services to more than 8,500 businesses around the world to combat email threats before they reach corporate networks and without the need for additional hardware or software. For more information on MessageLabs, please visit www.messagelabs.com.
Read more CITEC feature news
CITEC feed available.
Read more about RSS at CITEC. Not sure what is RSS?
