Note to Banks: Proactively validate your DDoS mitigation

Banks around the world are in the cross fire of the hacktivist group Anonymous who launched campaign Op-Icarus (#OPIcarus), against global financial institutions. Anonymous wants to bring public attention to what they call ‘corruption’ inside the financial industry. The first victims of Op-Icarus were Bank of Greece, and Bank of Cyprus both of who came under prolonged DDoS attacks and suffered major disruption and periodic downtime.

 

Tweet from Anonymouys

Tweet from Anonymous

In a video message Anonymous are threatening to attack the New York Stock Exchange and The Bank of England. However, a target list of more than 160 global financial organizations was also published on pastebin by the group.

What can you do to prevent downtime from a DDoS Attack?

You may have already invested in either a DDoS Mitigation device or cloud mitigation at the ISP level, or both, and trained your team for a DDoS attack scenario but have you ever taken the test to validate that your DDoS mitigation posture actually holds water?

Validate your DDoS Mitigation Posture

Take an offensive approach to defense by testing that your DDoS mitigation posture holds up in “peace time” and that it can be relied upone to mitigate the spectrum of DDoS attacks you will be confronted with when a real attack occurs.
When a DDoS mitigation system is deployed, there are numerous unique configuration issues to your network’s architecture that require fine-tuning. There are two ways to know if you’ve achieved optimal performance:
  • Come under attack and hope for the best, or
  • Systematically test at your convenience to ensure you are ready for an attack

Prove confidence with your ISP or Scrubbing center

By testing your DDoS Strategy you are also testing your processes and the SLA in place with your ISP to ensure all is working and continues to work as expected in the event you are the target of an attack.

Test your security team’s procedures and readiness for DDoS

Always check and improve your procedures for DDoS are working in a reliable manner. Make sure you have a DDoS attack procedure in place with a step by step guide on what to do in the event of a DDoS attack.
As mentioned in a previous blog , preparation is key to any cyber security strategy!
“If I had five minutes to chop down a tree, I’d spend the first three sharpening my axe”  – Abraham Lincoln

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.