Server-based botnets used in attacks against US banks
The recent attacks that hit United States banks are being attributed by government officials and security researchers to Iran, a charge the Iranian government has denied. The conclusion that the attacks were state sponsored rests partly on their technical sophistication, which computer security experts describe as "far beyond" that of amateur hackers. In addition, the objective appears to be disruption rather than money, another vital clue.
In a New York Times report, Carl Herberger, vice president of security solutions at Radware, called the "scope and effectiveness" of the attacks "unprecedented." Radware is investigating the attacks on behalf of banks and cloud service providers. More troubling, though, is the discovery that the attackers favored compromised servers as the platform for launching the distributed denial-of-service (DDoS) attacks.
Not only are these servers generally faster and more powerful than typical home machines, they are also capable of producing a much higher volume of traffic than the typical botnet formed from infected home computers and corporate workstations.
Additionally, the attackers are not using a "pull" architecture, in which infected machines periodically retrieve instructions from predetermined locations on the Internet. Instead, the attackers send instructions directly to the compromised servers. This "push" model makes the attackers easier to identify, since the controlling hosts connect to the bots themselves, but it lets them react quickly and issue new instructions that are acted upon within seconds.
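The pull-versus-push distinction above is also what a defender can look for in a data center's flow logs. The following Python sketch is an added illustration, not code from the article or from Radware, run over constructed flow records: a pull-style bot shows up as regular outbound beacons to one host, while push-style control shows up as an unsolicited inbound connection followed within seconds by a large outbound burst. The thresholds (beacon count, jitter, burst size, window) are assumed values chosen for the sample data.

```python
from collections import defaultdict
from statistics import pstdev

# Constructed flow records for two data-center servers (not real traffic):
# (timestamp_s, src, dst, direction, bytes); direction is "in" (external -> server)
# or "out" (server -> external). 10.0.0.5 polls one host every 60 s (pull-style C2);
# 10.0.0.9 receives a single unsolicited inbound connection and then floods a target
# (push-style C2, the pattern described in the article).
FLOWS = [
    (0,   "10.0.0.5", "198.51.100.7", "out", 300),
    (60,  "10.0.0.5", "198.51.100.7", "out", 300),
    (120, "10.0.0.5", "198.51.100.7", "out", 300),
    (180, "10.0.0.5", "198.51.100.7", "out", 300),
    (5,   "10.0.0.5", "8.8.8.8", "out", 120),          # ordinary DNS, irregular timing
    (33,  "10.0.0.5", "8.8.8.8", "out", 120),
    (90,  "10.0.0.5", "8.8.8.8", "out", 120),
    (200, "10.0.0.5", "8.8.8.8", "out", 120),
    (10,  "198.51.100.20", "10.0.0.9", "in", 800),     # normal client request
    (11,  "10.0.0.9", "198.51.100.20", "out", 4000),
    (100, "203.0.113.4", "10.0.0.9", "in", 200),       # direct command from the operator
    (101, "10.0.0.9", "192.0.2.10", "out", 4_000_000),  # flood toward the target begins
    (102, "10.0.0.9", "192.0.2.10", "out", 4_000_000),
    (103, "10.0.0.9", "192.0.2.10", "out", 4_000_000),
]

def find_beaconing(flows, min_count=4, max_jitter=2.0):
    """Pull-style C2: a server repeatedly connects out to the same host at a steady interval."""
    by_pair = defaultdict(list)
    for ts, src, dst, direction, _ in flows:
        if direction == "out":
            by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), times in by_pair.items():
        times.sort()
        if len(times) < min_count:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= max_jitter:          # near-constant spacing = polling, not user traffic
            hits.append((src, dst, round(sum(gaps) / len(gaps), 1)))
    return hits

def find_push_commands(flows, window=5.0, burst_bytes=10_000_000):
    """Push-style C2: an inbound connection followed within `window` seconds by an outbound burst."""
    out_by_host = defaultdict(list)
    for ts, src, _, direction, nbytes in flows:
        if direction == "out":
            out_by_host[src].append((ts, nbytes))
    hits = []
    for ts, src, dst, direction, _ in flows:
        if direction != "in":
            continue
        burst = sum(nb for t, nb in out_by_host[dst] if ts <= t <= ts + window)
        if burst >= burst_bytes:
            hits.append((dst, src, ts, burst))  # (server, commanding host, time, bytes sent)
    return hits
```

On real flow data the same two checks would be fed from NetFlow or firewall logs, with the thresholds tuned per server role.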
Herberger did not say which cloud service providers had been compromised, citing nondisclosure agreements with Radware's clients, though he did say that each new bank attack provided evidence that more data centers had been infected and exploited.