Most of our customers just ‘take our word’ about their network security vulnerabilities. While respecting our security credentials, some decide not to take preventative action. They don’t fully understand how their vulnerabilities can be exploited by the bad guys. One particular entrenched vulnerability is called distributed denial of service attack (DDoS). In nontechnical terms, I’m going to explain how this vulnerability is now being used to steal your protected company information.
A DDoS attack is staged by a hacker using multiple hacked network devices to bombard/overwhelm your website’s host server with connection requests bringing your website to a crawl or even crashing the site. This isn’t a breach per se, but a diversion. This is how the scenario unfolds…
First, the hacker steals customer credentials, perhaps email addresses. Next, the hacker initiates a DDoS attack against, say a bank, that allows customers to do internet based banking. That DDoS attack creates a customer perceived outage (a real outage given the bank’s website from the customer point of view is inoperative).
The hacker sends forged email notifications to customers indicating ‘go here’ to login and resolve the issue. When the customer logins in to the forged site, the Hacker has been able to steal whatever information the customer provided (login ID, password, account number, etc.). When the DDoS attack subsides, the hacker can then use legitimate login information to the bank’s website to steal customer assets.
With a heightened level of sophistication, internet fraud will consume the unprotected. DDoS attacks are preventable, but only for the security committed organization. Orion Group can help.
To learn more, go here http://goo.gl/OAcyGZ