Distributed Denial of Service (DDoS) protection services provider Prolexic today released a warning about a growing trend in which attackers commit online fraud and identity theft while using DDoS attacks to distract IT personnel.
The Prolexic Security Engineering and Response Team (PLXsert) has observed the Drive DDoS toolkit as the source of multiple recent DDoS attacks. The tool is a newer variant of the Dirt Jumper family of DDoS toolkits, a denial of service attack tool commonly used by attackers.
- The attackers use the Drive DDoS toolkit as a source of distraction to sidetrack IT security personnel while they break into customer accounts at finance firms and e-Commerce businesses to transfer funds out of bank accounts, gather passwords for later use, or place unauthorized orders.
- Companies focused on the damage caused by the DDoS attack don’t realize that it is a planned distraction, as the application attacks from the Drive toolkit increase server utilization without excessive network traffic. Encryption allows attackers to hide their identities.
– Stuart Scholly, President, Prolexic.
Six types of DDoS attacks are built into the Drive toolkit, allowing attackers to launch a variety of DDoS attacks. The tool features GET floods, POST floods, POST2 floods, IP floods and IP2 floods directed at the application layer, and UDP floods directed at network infrastructure.
Prolexic also shared attack signatures and details that help detect and stop DDoS attacks from the Drive DDoS toolkit.
Recognizing the Drive toolkit as the source of a DDoS attack can lead financial institutions, banking, insurance, investment firms, brokerages or e-Commerce firms to suspect and investigate possible fraudulent access of customer accounts that may have occurred during the attack.
An analysis of the Drive threat, including screenshots, launch commands, sample payloads and identifying signatures to enable DDoS mitigation techniques, is available free of charge in Prolexic’s Drive DDoS Threat Advisory.
Earlier this year, Prolexic announced the closing of a US$30 million Series C funding round led by new investors Trident Capital and Intel Capital.
At the beginning of the year, Prolexic released a suite of detection and mitigation rules, a log analysis tool and a comprehensive threat advisory on the ‘itsoknoproblembro’ DDoS toolkit.