Prolexic Warns About Recent Trend of Online Fraud and Identity Theft Being Camouflaged by DDoS Attacks

Distributed Denial of Service (DDoS) protection services provider Prolexic today released a warning about a growing trend in which attackers commit online fraud and identity theft while using DDoS attacks to distract IT personnel.

The Prolexic Security Engineering and Response Team (PLXsert) has observed the Drive DDoS toolkit, an attack tool, as the source of multiple recent DDoS attacks. The tool is a newer variant of the Dirt Jumper family of DDoS toolkits, a denial of service attack tool commonly used by attackers.

  • The attackers use the Drive DDoS toolkit as a distraction to sidetrack IT security personnel while they break into customer accounts at finance firms and e-Commerce businesses to transfer funds out of bank accounts, gather passwords for later use, or place unauthorized orders.
  • Companies focused on the damage caused by the DDoS attack don’t realize that it is a planned distraction, because the application-layer attacks from the Drive toolkit increase server utilization without excessive network traffic. Encryption allows attackers to hide their identities.

“In recent weeks, Prolexic has detected, stopped and mitigated DDoS attacks launched against our clients from the Drive DDoS toolkit. Although these attacks are cousins to Dirt Jumper DDoS toolkit, they have new signatures and communication patterns.”
– Stuart Scholly, President, Prolexic.

Six types of DDoS attacks are built into the Drive toolkit, allowing attackers to launch a variety of DDoS attacks. The tool features GET floods, POST floods, POST2 floods, IP floods and IP2 floods directed at the application layer, and UDP floods directed at network infrastructure.

Prolexic also shared attack signatures and details that help detect and stop DDoS attacks from the Drive DDoS toolkit.

Recognizing the Drive toolkit as the source of a DDoS attack can lead financial institutions, banking, insurance, investment firms, brokerages or e-Commerce firms to suspect and investigate possible fraudulent access of customer accounts that may have occurred during the attack.

An analysis of the Drive threat, including screenshots, launch commands, sample payloads and identifying signatures to enable DDoS mitigation techniques, is available free of charge in Prolexic’s Drive DDoS Threat Advisory.

Earlier this year, Prolexic announced the closing of a US$30 million Series C funding round led by new investors Trident Capital and Intel Capital.

At the beginning of the year, Prolexic released a suite of detection and mitigation rules, a log analysis tool and a comprehensive threat advisory on the ‘itsoknoproblembro’ DDoS toolkit.
