Carl H.

Media, Pennsylvania, United States
23K followers 500+ connections

Publications

  • Preparing for Notorious Cyber Attack Dates: Radware Provides Five Steps to Secure Your Network

    Wall Street Journal On-Line

    MAHWAH, N.J., Sept. 9, 2013 (GLOBE NEWSWIRE) -- There are several dates throughout the year that are notorious for wreaking havoc on businesses via denial-of-service (DoS) attacks, data breaches and even malware or botnet assaults. As September 11th nears, rumors about coordinated cyber attacks on American websites continue to increase. Because of these potential risks, it's imperative that businesses tighten their network security measures now in order to protect themselves from potential intrusion or disruption, which can result in profit-loss and tarnished user confidence.

    According to Radware (Nasdaq: RDWR), a leading provider of application delivery and application security solutions for virtual and cloud data centers, there are two types of dates that hackers target: ideological and business-relevant dates. Ideological dates refer to holidays and anniversaries that have a cultural, religious or secular tie to the adversary. High-risk times for the United States in addition to September 11th include Memorial Day, Election Day and Independence Day. Business-relevant dates involve a period of time that companies are particularly vulnerable to attacks, such as Black Friday, Cyber Monday, or even regular business hours.

    "Timing is an extremely influential risk-factor for cyber attacks throughout the year," said Carl Herberger, vice president of security solutions for Radware. "Hackers capitalize on overwhelming their target's environment on days of great importance and look to exploit vulnerabilities that cause the most detriment. Because these types of assaults show no signs of slowing, it's crucial that businesses implement anticipatory security measures in preparation of these peak times so that networks and data centers are able to properly detect and defend against sophisticated threats."

  • Lessons Learned From N.Y. Times Hack Attack

    Information Week

    Herberger added: "Whenever you centralize all of your security around fewer gatekeepers, you have the opportunity of a denial of service. That's the irony of it."

    6. Be Prepared To Not Stop Every Attack

    If attackers devote enough time and energy to finding a weakness that they can exploit with relatively low cost and little effort, then it will be almost impossible to stop them. "There's not a whole lot The New York Times can do if their third party DNS provider was hacked," said Ken Pickering, director of engineering at penetration testing firm CORE Security, via email. "The system is only really failsafe if DNS providers are unhackable, which obviously isn't the case. And this is the resultant outcome: A story that the NYT was hacked with very little they could do aside from picking a better service provider."

    Furthermore, it's important to remember that the SEA -- graduating from its long-running Twitter account takeover activities -- found a new vulnerability to exploit. "They exposed some world-class exposures in some world-class environments," said Herberger. "To take down The New York Times website? Pretty impressive. To expose some security problems in Twitter, even if the rest of the world didn't know they were there? Very impressive."

  • Insight: From remote Mauritania, hacker fights for Islam worldwide

    Reuters

    Mauritania, a poor desert nation straddling the Arab Maghreb and black sub-Saharan Africa, is an unlikely hacker base. It has 3.5 million inhabitants spread across an area the size of France and Germany, and only 3 percent of them have Internet access.

    Much of the population lives in the capital Nouakchott, which has boomed from a town of less than 10,000 people 40 years ago to a sprawling, ramshackle city of a million inhabitants. In its suburbs, tin and cinderblock shanties battle the Sahara's encroaching dunes and desert nomads stop to water their camels.

    In the past six months experts have noted an increase in hacking activity from Mauritania and neighboring countries. In part, that reflects Mauritania Attacker's role in connecting pockets of hackers, said Carl Herberger, vice president of security solutions at Radware.

    "This one figure, Mauritania Attacker, is kind a figure who brings many of these groups together," Herberger told Reuters.

    Other authors
    • Elise Knutsen
  • Google-Led Denials Leave Room for U.S. Web Surveillance

    Bloomberg

    The NSA could also use readily available computer software and hardware to intercept electronic communications without the knowledge of Internet companies, Carl Herberger, a vice president for the network-security company Radware Ltd. (RDWR), said in an interview.
    Without Notification
    The technology can be installed at communication centers operated by Internet-service providers, said Herberger, whose company is based in Tel Aviv, Israel, and has offices in New Jersey.
    The technology, which Radware sells, can intercept communications or make copies of communications, as well as break encrypted messages, Herberger said.
    “There’s no need to necessarily notify any of these Internet companies,” Herberger said. “Today, almost everything that’s being done on the Internet has the capacity to be archived and reviewed.”
    Herberger said he had no direct knowledge of the PRISM program and that his company doesn’t sell the intercept technology to the U.S. government.
    Mining data associated with people’s communications is hardly new for the government, said Michael Reiter, a professor of computer science at the University of North Carolina at Chapel Hill. The Patriot Act, which was passed in response to the terrorist acts of Sept. 11, 2001, authorized secret U.S. surveillance of phone calls and e-mails.

    Other authors
    • Danielle Kucera
    • Chris Strohm
    • Olga Kharif
  • Threat of the week: DDoS for hire on the rise

    Credit Union Times

    Can’t these DDoS as service provider be shut down by law enforcement? It’s not that easy. Commented Carl Herberger, vice president of security solutions at mitigation provider Radware, “It's important to note that 'DDos for Hire' websites move around in terms of their technical underpinning. They don't stay in one area or one location for too long. It's almost like a game of "Whack-a-Mole" – just when you think you've identified the location of the website, it's already moved.”

    Added Chris Ensey, COO of security company Dunbar Digital Army, “These (DDoS as a service) sites are being resold like white-labeled products now. Most of the sellers are just affiliates who leverage another botnet or platform” – that is, they have none of their own infrastructure and, poof, they can be here today and back tomorrow under a new flag.

    That’s the problem: it is very hard to pinpoint the location of a DDoS command and control center and when it’s found, said sources, it generally is in a country with little or no law enforcement reciprocity with the United States.

    The bottom line for credit unions: “They have to take DDoS seriously. There is no turning this back,” said Shteiman.

  • Lessons From the Hacking Attack That Wasn't

    Bloomberg

    This week, the loosely coordinated Anonymous hacking crew promised an all-out assault against U.S. government and banking websites in retaliation for drone attacks and the wars in Iraq and Afghanistan. Tuesday was supposed to be a day of "justice for the downtrodden," with the sites of more than 100 large organizations coming under sustained denial-of-service computer attacks.
    That didn't happen. A few sites, mostly obscure, were defaced or disrupted, and there were only six serious delays overall, according to Carl Herberger, a vice president at Radware, a security firm in Tel Aviv, Israel, that monitored the attacks.
    On the surface, "OpUSA" appeared to be a flop. The truth is, though, that we may never know whether it achieved its real aims. The reason? As I described in a Bloomberg News story this week, hackers are refining their skills of misdirection -- and getting rich from it.

    Other authors
    • Jordan Robertson
  • DDoS Score: U.S. Banks 1, Cyberhacktivists 0

    American Banker

    Earlier this week, the Al Qassam Cyber Fighters, a group that has claimed responsibility for a series of denial of service attacks since September that have rendered online and mobile banking inoperable at some of the nation's biggest financial institutions, said it planned to suspend its campaign through Thursday to avoid sowing confusion between its operation and the attacks threatened by Anonymous.

    On Tuesday afternoon, however, networks used by the attackers - who have dubbed the effort OpUSA - showed low rates of activity, according to digital software security firm Radware, which is monitoring the threats.

    The warnings follow a similar campaign against commercial and government targets in Israel by Anonymous, which has claimed responsibility for attacks on companies in that country that experts say was relatively unsophisticated in its approach.

    The threat posed by the assaults depended on whether hacktivists could commandeer cloud computing facilities, which can ratchet up the velocity of barrages on websites that occur in a denial of service attack significantly, according to experts. "If we don't see that, it will be like Operation Israel," Carl Herberger, vice president of security solutions at Radware, told American Banker.

    Other authors
    • Brian Bowdie
  • Hackers launch OpUSA targeting banks, government agencies

    Fox Business News

    A group of activist hackers kicked off an ambitious cyber operation on Tuesday that targets a slew of high-profile American targets, including major government agencies and dozens of U.S. financial-services companies.

    The attack, dubbed OpUSA, marks the latest effort by Group Anonymous and other hacktivists to flood the websites of critical U.S. companies and agencies with massive amounts of traffic to slow down or even block access.

    “We see this as a widening in the cyber war front and organizations may require new tactics or technical defenses to defend,” said Carl Herberger, vice president of security solutions at Radware (RDWR).

    “We anticipate that today’s attacks will be against high impact targets, including government websites, law enforcement organizations, brand-name entities, financial services organizations and critical infrastructure providers,” he said.

    The target list includes websites affiliated with the U.S. Department of Defense, the Pentagon, the National Archives, the National Security Agency, the FBI and the White House.

    Other authors
    • Matt Eagan
  • Bitcoin Exchange Mt. Gox Targeted by Cyber Attack

    Fox Business News

    In a message posted on its official Twitter account, Japan-based Mt. Gox told users Thursday night it was “experiencing a major DDoS” attack. Within hours Mt. Gox said the issue had been resolved.
    The exchange didn’t respond to a request for further comment on the DDoS attack.
    According to the Mt. Gox website, it is the “world’s most established Bitcoin exchange” and the only multi-currency Bitcoin trading platform.
    "This attack demonstrates both the worth of Bitcoin and the value of its business availability. Now there are new risks to both," said Carl Herberger, vice president of security solutions at Radware.

  • Cyberattacks on banks growing larger, more complex

    Charlotte Observer

    The latest waves of cyberattacks against U.S. banks – like the one that stalled Wells Fargo’s website for part of Tuesday afternoon – appear to be growing larger and more sophisticated, industry experts say.

    The “denial of service” attacks, which flood a bank’s website with traffic to lock out legitimate customers, now tend to target more banks over the course of a day or week. They also may change their tactics hour by hour, making it harder for banks to get their sites back up.

    Banks have said little publicly about the attacks, beyond assuring customers that their data are safe. But companies that specialize in bank security say banks are investing more heavily in systems aimed at preventing them.

    “This is the longest cyberattack on an industry sector that we’ve ever experienced on the face of the earth,” said Carl Herberger, vice president of security solutions at Radware, which works with banks and other companies on security.

    Other authors
    • Andrew Dunn
  • Lessons for US Banks from Cyberattacks in South Korea

    American Banker

    According to Herberger, the campaigns, which appear to be waged separately but all derail operations of banks and other firms, take three forms. One is the attack on South Korea that used so-called directed attacks, via malware, to disrupt bank operations. A second are the so-called denial of service attacks waged against U.S. banks by hacktivists who vow to continue their campaign until YouTube takes down a trailer for an anti-Muslim film.

    According to Herberger, that campaign, which hacktivists claiming responsibility have dubbed Operation Ababil, is proceeding "with a great degree of changing tactics and ferocity," as evidenced by attacks recently on roughly a half dozen U.S. banks in a single day.

    The third operation, says Herberger, is Operation Israel, in which the hacker collective Anonymous has claimed credit for electronic assaults against banks and mobile phone companies in Israel to protest what the group says are the government's policies in Gaza.

    "If you step back and look at what's going on, it's a very strange period of time, in that we really have normalized major industrial sector attacks," Herberger added. "It's the new normal."

  • DDoS: 6 Banks Hit on Same Day

    Bank Info Security

    Though JPMorgan Chase (JPM) and BB&T (BBT) are the only big banks to confirm a denial of service attack on Tuesday, roughly a half dozen institutions endured digital assaults at around the same time, according to Radware, a security firm that has investigated cyber intrusions on behalf of financial firms.

    Tuesday's attacks "were the largest attacks we've seen to date in scale," Carl Herberger, a vice president of security solutions at Radware, told American Banker. "The one that was advertised to the world was Chase, but I can tell you that almost on an hourly basis banks were being attacked, which is a very substantial campaign."

  • Why DDoS Should Worry Us

    Bank Info Security

    I've been covering the DDoS hits against leading U.S. banking institutions since mid-September, when the so-called first campaign was launched. As time has gone on, these attacks have gotten more powerful because the hacktivists' botnet, known as Brobot, has grown. And since the beginning of the year, they've expanded their aim to target more institutions at the mid-tier level.

    The hacktivists' attacks are cascading by exploiting applications hosted in the cloud, says Carl Herberger, vice president of security solutions for Radware, an anti-DDoS provider for enterprise management.

    Brobot is attacking cloud-based servers, infecting the applications they host and then using those applications as conduits to infect the cloud providers' infrastructures.

    But the bot has been architected to only affect the applications, not the providers' overall performance. Thus, application infections are not immediately detected, and the cloud providers don't have much incentive to take proactive steps to monitor for infections.

    Here's the genius of it all: Because banks rely on these cloud-hosted applications, when they respond to a DDoS attack, they can't just block IP traffic that comes from infected applications. "In essence, doing so caused them to DDoS themselves during the early attacks," Herberger says.

  • Group Warns of New Bank Cyber Attacks

    FoxBusinessNews

    Carl Herberger, vice president of security solutions at security firm Radware (RDWR), confirmed that the attacks commenced again in recent days, representing the fifth wave that has been linked to this group since September.

    Al-Qassam also claimed to have attacked the websites of Comerica (CME) and Union Bankshares (UNB) this week. Just weeks ago al-Qassam announced plans to suspend its campaign against U.S. financial institutions due to the removal of the main copy of the film, which appears on Google's (GOOG) YouTube.

    Previous attacks have attempted to slow or limit access to the websites of a wide range of U.S. banks, including J.P. Morgan Chase (JPM) and Wells Fargo (WFC).

    While al-Qassam has taken responsibility for the slew of cyber attacks against U.S. banks, some researchers haven’t been able to draw definitive links to the group. Some U.S. officials have indicated they believe Iran may be linked to the attacks.
    Radware recently reported that DDoS attacks have soared by 170% in 2012, costing financial-services companies an estimated $32,560 per minute of downtime.

  • Counter Attacks!

    Fox Business News - Broadcast Media

    On air TV News Interview

  • Metro firms fight cyberthreat

    Atlanta Journal Constitution

    Metro firms fight cyberthreat
    Atlanta's strong IT, financial presence drawing 'hacktivists.'
    February 7, 2013
    Atlanta Journal Constitution
    When Islamist hackers recently shut down bank websites around the country, many metro Atlantans found themselves pawns in an escalating game of international political intrigue.
    No longer just customers trying to access their bank accounts, they became the targets of a group attacking banks to apply political pressure --- "collateral damage," in the words of Jon Ramsey, chief technology officer for Atlanta-based Dell SecureWorks.
    In this instance, the attackers wanted the removal of a YouTube video that lampooned the Islamic prophet, Muhammad.
    Such strikes --- some perhaps instigated by hostile foreign governments --- are on the rise, and metro Atlanta is a particularly tempting target, say experts engaged in trying to thwart the attackers.
    This region is home not only to myriad banks but a robust and growing cluster of IT companies that specialize in online financial services.
    The attacks have even introduced a new term into the lexicon: hacktivist, a person with a political agenda and a mastery of computer sabotage.
    After four months of sporadic attacks on bank websites, many metro Atlanta businesses are busily fortifying their cyberperimeter, said officials from several security firms working here. Holden's company has opened an office in Dunwoody and is working with about a dozen companies, including banks, firms that do online business, and Internet service providers.
    The battle is escalating quickly. The federal government recently approved a major expansion of its cybersecurity force, according to The Washington Post.
    "Some customers say, if you're not up in two days, we'll leave you," said Carl Herberger, vice president of security solutions at Radware.

  • Bank Attacker Iran Ties Questioned By Security Pros

    InformationWeek

    If Iran is masterminding the online attacks against U.S. banks, where's the hard evidence?

    Numerous current and former U.S. officials have accused the Iranian government of sponsoring the distributed denial-of-service (DDoS) attacks, which began in September and recently restarted. For four months, the attacks have disrupted the websites of many of the United States' leading financial institutions, including Bank of America, Citigroup, JPMorgan Chase and Wells Fargo.

    Shortly after the first wave of attacks began, U.S. officials began blaming Iran, and have continued to do so. "There is no doubt within the U.S. government that Iran is behind these attacks," James A. Lewis, who's a former official at the State and Commerce Departments, told The New York Times.

    Officials have also noted that the attacks are so sophisticated and unstoppable that only a nation state could have launched them. Others have said that the attackers have pursued disruption, rather than personal enrichment, which further suggests nation state involvement. But to date, government officials have produced no evidence that links Iran to the attacks.

    Many information security experts, however, see no irrefutable signs of Iranian involvement. "You can tell that it was planned and executed pretty well," said Carl Herberger, VP of security solutions at Radware, which has been investigating the attacks on behalf of its customers.

    But Herberger noted that project management skills aren't evidence of Iranian backing.

  • Iran blamed for cyber onslaught on US banks

    AFP

    US financial institutions are being pounded with high-powered cyber attacks that some suspect are being orchestrated by Iran as payback for political sanctions.
    "There is no doubt within the US government that Iran is behind these attacks," James Lewis, a former official in the state and commerce departments and now a computer security expert at the Center for Strategic and International Studies, told the New York Times.
    While the identities of those behind the online onslaught officially remain a mystery, it was clear they were using a potent new weapon for slamming bank websites with overwhelming numbers of requests for information.
    The attackers infected datacenters used to host services in the Internet "cloud" and commandeered massive computing power to back distributed denial of service (DDoS) attacks, according to security experts.

    DDoS attacks have been a basic hacker weapon for quite some time, but they have typically involved using armies of personal computers tainted with viruses and coordinated to make simultaneous requests at targeted websites.
    "They are essentially going from a pistol to a cannon," Radware vice president of security solutions Carl Herberger said of cyber attackers using datacenters. "That was one major achievement."

    Other authors
    • Glenn Chapman
  • U.S. bank cyberattacks reflect 'frightening' new era

    CSO Online

    Cyberattacks on U.S. banks over the last several months reflect a frightening new era in cyberwarfare that corporations are unprepared to battle because of a shortage of experts skilled in building effective defenses, one security expert says.

    Since September, U.S. banks have been battling with mixed success distributed denial of service (DDoS) attacks from a self-proclaimed hacktivist group called Izz ad-Din al-Qassam Cyber Fighters. Despite its claims of being a grassroots operation, U.S. government officials and security experts say the group is a cover for Iran.

    "There is no doubt within the U.S. government that Iran is behind these attacks," James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies, told The New York Times.

    The skill of the attackers goes far beyond typical DDoS attacks conducted by hacktivist groups such as Anonymous. Instead of originating from networks of compromised PCs, bandwidth-clogging, bogus data streaming to banking sites are coming from hijacked Web servers in data centers.

    These muscle systems have enabled the attackers to generate as much as 70 gigabits per second of traffic, enough to totter the sites of even the largest financial institutions.

    Other authors
    • Antone Gonsalves
    See publication
  • Banks Cyber-Attacked - by Iran?

    CNN's The Situation Room [VIDEO]

    A CNN interview for the Wolf Blitzer show - "Situation Room"

    Other authors
    • Brian Todd
    See publication
  • Is Iran Behind Bank Attacks?

    Fox Business News

    Live interview on Fox Business News

    Other authors
    • Dennis Keale
    See publication
  • What DDoS attacks reveal about your security infrastructure

    Help Net Security

    What DDoS attacks reveal about your security infrastructure

    by Carl Herberger - VP of Security, Radware - Monday, 31 December 2012.



    As we close out 2012, there is no doubt that this year will go down as epic in the history books of information security professionals. Looking back on the year it’s not hard to find a laundry list of security programs that have been overrun by nefarious perpetrators or to see how dramatically different the risk landscape is today than just a year ago. Taking stock of it all, the following are some of the most notable attacks:
    • Jan - Feb 2012 – Group Anonymous attacks various Israeli sites leaving, among others, the Israeli Stock exchange in operational duress for a moment
    • March 2012 – Operation Global Blackout – Group Anonymous threatens to take out the internet by attacking the DNS infrastructure of the world
    • July – Aug 2012 – Admin.HLP Trojan wreaks havoc in wild
    • Aug 2012 – AT&T suffers a near day long outage originating from an attack on their DNS infrastructure
    • Sept – Oct 2012 – Operation Ababil launched against US banking and financial institutions. The vast majority of US banks suffer various degrees of outages, attacks leverage new SSL tool
    • Nov – Dec 2012 – OpIsrael & OpZionism launched against various Israeli interests as a result of ongoing political struggles.
    While these are just a few of this year’s attack profiles, there are more than enough lessons to be learned from each event to teach security professionals for months and years to come.

    See publication
  • Major Banks Under Renewed Cyber Attack Targeting Websites

    Bloomberg

    The websites of major U.S. banks are facing a new round of cyber attacks linked to the same group responsible for similar assaults earlier this year.

    The latest attacks started last week and have hit Bank of America Corp., SunTrust Banks Inc. (STI), JPMorgan Chase & Co. (JPM), U.S. Bancorp, Wells Fargo & Co. (WFC) and PNC Financial Services Group Inc. (PNC), according to two executives at companies providing security to some of the targeted banks, who asked for anonymity because they weren’t authorized to discuss clients and didn’t want their companies to become targets of computer assaults. PNC was under attack today, the executives said.

    A group calling itself Izz ad-Din al-Qassam Cyber Fighters announced plans to attack banks in a Dec. 10 statement posted on the website pastebin.com. The same group claimed responsibility for a series of distributed denial-of-service (DDoS) attacks in September and October that flooded bank websites with Internet traffic and caused disruptions and slowdowns for online customers.

    “The purpose of it is to try to disrupt or stop online banking access,” said Bill Nelson, president of the Financial Services Information Sharing and Analysis Center, which disseminates cyber threat information to the financial services industry. “There are some outages occasionally, but it hasn’t prevented customers from transacting business.”

    Other authors
    • Eric Engleman
    See publication
  • Protecting Your Assets from Cyber Attacks

    Fox Business News

    Fox Business News ON-AIR interview about Operation Blitzkrieg & current security events

    Other authors
    • Melissa Francis
    See publication
  • Anonymous said to be planning cyberattack on ITU site

    CSO Online

    December 06, 2012— CSO— Anonymous is planning to launch a cyberattack this weekend against the website of the International Telecommunications Union, a United Nations agency holding a meeting of 190 governments to discuss political and commercial control of the Internet, a security firm says.

    The ITU-organized World Conference on International Telecommunications runs Dec. 3-14 in Dubai. The secretive meet has sparked rage within Anonymous and the blogosphere over a Russian proposal to hand control over the Internet to the ITU.

    Such conspiracy theories are unlikely to become reality, experts say. That's because such a move would require an international consensus, and many countries would oppose such a proposal, including the U.S.

    Nevertheless, the hacktivist collective Anonymous posted a YouTube video last week denouncing the ITU meeting and warning of "grave consequences" to human rights.

    Other authors
    • Antone Gonsalves
    See publication
  • Bloomberg Cyber Security Conference

    Bloomberg

    Nov. 29 (Bloomberg) -- Dmitri Alperovitch, co-founder and chief technology officer at CrowdStrike Inc., Carl Herberger, vice president of security solutions in Americas at Radware, Mike McConnell, vice chairman of Booz Allen Hamilton Inc., and Andy Ozment, White House national security staff's senior director for cybersecurity, participate in a panel discussion about thwarting state-based cyber attacks on financial institutions. Bloomberg's Michael Riley moderates the panel at the Bloomberg Link's Enterprise Risk Conference in New York. (Source: Bloomberg)

    See publication
  • Anonymous attacks against Israeli sites enter second day

    CSO

    November 16, 2012— CSO — Anonymous-led denial of service attacks continued unabated for the second day Friday against Israeli government and corporate websites in retaliation for airstrikes in the Gaza Strip.

    The hacktivist collective started its Operation Israel campaign at 3 a.m. Eastern time Thursday by attacking sites that belonged to the Israel Defense Forces, the Prime Minister's office, Israeli banks, airlines, media outlets and security companies.

    Anonymous claimed on a Pastebin post to have defaced or disrupted nearly 100 sites. The actual number could not be confirmed.

    However, the flood of Web traffic Anonymous aimed at its targets remained heavy on Friday, said Carl Herberger, vice president of security solutions at Radware, which was monitoring the attacks.

    "[The attacks have] actually increased both in ferocity and in types of attack tactics," Herberger said.

    Radware was unable to say how many sites were disrupted. However, the attackers were targeting small businesses, as well as government and corporate sites.

    "You'd be surprised at the sites that are going down," Herberger said. "They seem to be inconsequential in the scheme of things. It seems almost like personal vendettas."

    At the same time, the attackers had taken down temporarily the Tel Aviv government website, as well as portions of the IDF site. "These are the brand name sites they've been going after, and they've been effective at it," he said.

    Other authors
    • Antone Gonsalves
    See publication
  • 4 Turning Points in Cybercrime History

    Mashable Tech

    Data breaches happen on a near daily basis, and often they have a profoundly negative impact on the attacked business. But in some cases, they can change the security industry and influence legislation.

    “Security breaches are relatively immeasurable, but the economic impact is small compared to the loss of confidence in security from the populace and from customers,” Carl Herberger of security solutions company Radware, told Mashable.

    Other authors
    • Samantha Murphy
    See publication
  • Under Fire: Russian Hackers Plan U.S. Cyber Bank Heist

    Fox Business News

    Security professionals have recently learned that a cartel of Russian hackers is planning to launch a separate attack aimed at stealing money from about 30 U.S. financial institutions, an apparent attempt to piggyback and capitalize on the ongoing cyber attacks on U.S. banks.

    The emergence of Russian hackers suggests a potential shift in the motivation of the cyber attacks from ideological to financial and also points to a longer duration of the ongoing attacks.

    “It’s like an axis of evil. There’s nothing like having folks who are conveniently on the same side of the fight,” said Carl Herberger, vice president of security solutions at security firm Radware.
    Read more: http://www.foxbusiness.com/industries/2012/10/11/under-fire-russian-hackers-plan-us-cyber-bank-heist/#ixzz29B3qI6rQ

    See publication
  • Capital One Target as Cyber Attacks Resume on U.S. Banks

    Bloomberg

    Capital One (COF) Financial Corp. said it was the latest target in a new round of coordinated cyber attacks aimed at disrupting the websites of major U.S. banks, and SunTrust Banks Inc. (STI) and Regions Financial (RF) Corp. said they expect to be next.

    Pam Girardo, a spokeswoman for McLean, Virginia-based Capital One, confirmed in an e-mail statement today that the bank’s online systems were disrupted and later that most online services had been restored.

    “At this point, we have no reason to believe that customer and account information is at risk,” she said in the earlier statement.

    See publication
  • Bank Hacks: 7 Misunderstood Facts

    Information Week

    Who's behind the recent online attacks against multiple financial institutions including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo? In recent weeks, all have been hit by large-scale distributed denial-of-service (DDoS) attacks. Cue website outages and customer outrage.

    A self-described hacktivist group, the Cyber fighters of Izz ad-din Al qassam, has taken credit for organizing the related Operation Ababil, which it claims is a grassroots campaign to protest the recent release of a film that mocked the founder of Islam.

    Other authors
    • Matthew Schwartz
    See publication
  • In Cyberattacks on Banks, Evidence of a New Weapon

    NY Times

    How were amateur hackers able to take down some of America’s largest banks? And who were they?

    Those were some of the bigger mysteries of last week’s cyberattacks on Wells Fargo, U.S. Bank, PNC, the New York Stock Exchange and others, that caused intermittent Internet outages and delays in online banking.

    A group claiming Middle Eastern ties, the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks online. They claimed to have taken the Web sites down using basic online applications. But security researchers said those methods were far too amateur to have been effective.

    Indeed, representatives for PNC, U.S. Bank and Wells Fargo all said that while they had systems in place to fend off such “denial of service”, or DDoS, attacks — in which hackers bombard a site with traffic until it falls offline — in this case, the volume of traffic was simply “unprecedented.”

    Other authors
    • Nicole Perlroth
    See publication
  • Plot Behind Bank Cyber Attack Thickens; Tools Found in Saudi Arabia

    Fox Business

    Security professionals investigating the cyber attacks that crippled the websites of U.S. banks last month have discovered the tools at the heart of the attacks are more complex than previously thought and have also been found in Saudi Arabia.

    The findings from security firm Radware (RDWR) suggest the attacks -- which are ongoing -- may be harder to stop than had been hoped.

    “If I’m a small band of thugs and I’ve been using handguns and rifles, I’ve now given myself electronic access to major weapons systems,” said Carl Herberger, vice president of security solutions at Radware.

    Herberger said the company has found a variant of the malware in “labs in Saudi Arabia” that is a “slightly different version from what’s being used in the wild.”

    It’s not clear if this means the malware actually came from Saudi Arabia or just ended up there coincidentally.
    Read more: http://www.foxbusiness.com/industries/2012/10/05/version-bank-cyber-attack-tools-found-in-saudi-arabia/#ixzz28VMEq4yR

    Other authors
    • Matt Egan
    See publication
  • Recent Bank Cyber Attacks Originated From Hacked Data Centers, Not Large Botnet

    Security Week

    The majority of the banking attack traffic does not appear to have been generated by client bots, but rather from compromised servers in data centers, Carl Herberger, vice-president of security solutions at Radware, told SecurityWeek on Thursday.

    The “itsoknoproblembro” toolkit did not compromise those servers in the first place, as Radware believes the servers were already under the attacker's control before being infected with the DDoS attack kit, Herberger said.

    Some of the U.S.-based financial institutions that fell under attack in late September include Bank of America, JPMorgan Chase, PNC Bank, and others. While not all the institutions confirmed being hit by denial of service attacks, they all experienced extremely high traffic volumes that affected the availability of their sites within days of each other.

    The fact that the denial of service attacks originated from servers within the data center, as opposed to a large botnet or series of client machines, means the attack traffic could bypass security mechanisms in place, Herberger said. The servers generally have a trust relationship with the endpoints, which means malicious traffic coming from the servers looks like internal traffic and abuses that relationship, Herberger said.

    See publication
  • Security Stress

    ITP.net / Georgina Enzer

    Carl Herberger – former Pentagon security advisor and vice president, Security Solutions at Radware talks Network Middle East through future threats facing enterprises.

    See publication
  • 2012 Considerations before Buying an Attack Mitigation System

    CIO Review

    Managing the security of critical information has proven a challenge for businesses and organizations of all sizes. Even companies that invest in the latest security infrastructure and tools soon discover that these technology-based “solutions” are short-lived. From antivirus software to firewalls and intrusion detection and prevention systems, these solutions are, in fact, merely the most effective strategies at the time of implementation. In other words, as soon as businesses build or strengthen a protective barrier, the “bad guys” find another way to get in. Attackers are constantly changing their tactics and strategies to make their attacks and scams as damaging as possible. The good news is that it appears that attacks and subsequent defenses are breaking down in categories which can be measured systematically. This article breaks down the steps for effective attack mitigation.

    See publication
  • Threat Vectors Changing for Information Security

    Security Info Watch

    As security threats and technologies have evolved over the years, the line between physical and IT security has also begun to blur. Indeed, CSOs and CISOs at many organizations now wear dual hats as their duties have become more intertwined.

    See publication
  • Anonymous Vs. DNS System: Lessons For Enterprise IT

    Information Week

    A rumored attack on the world's DNS servers by Anonymous failed to materialize. But the many enterprises still ignoring persistent weaknesses could learn from the defensive strategy.

    See publication
  • Anonymous' 'Global Blackout': The odds against an Internet shutdown

    Government Computer News

    Observers expressed doubt that Anonymous could make good on its threat to take down the Internet on March 31, but even skeptics advised caution.
    GCN (http://s.tt/1adZF)

    See publication
  • Anonymous Will Attempt to Shut Down the Internet with Operation Blackout on March 31st

    pnosker.com

    The hacktivist organization known as Anonymous has announced its plans to disable the internet this Saturday, March 31st. The group has been known to bring down websites, large ones at that, but has never attempted something as large as the entire internet before.

    See publication
  • Governments Insecure Due to ‘Massive Inherent Problems’, Expert Says

    Softpedia

    Recently I had a great interview with Carl Herberger, Vice President of Security Solutions at Radware, and he shared some interesting things related to enterprise security, especially when cloud-based technologies are involved.

    Other authors
    • Eduard Kovacs
    See publication
  • The Rise of Cyber-Hacktivism and DDoS - The Weapon of Mass Cyber Disruption

    Scribd

    By all indications this month will go down in the record books as one of the most active periods of cyber-hacktivism in the short history of this new category of threats. Moreover, given the current efficacy of these attacks we believe this will only serve to encourage even more actors to enter the picture and spawn a vicious cycle of future malicious activity. No one can say for certain how all of this will play out in the coming days, however given the increased frequency, directed attacks, and effectiveness of the techniques, we can safely assume the following:

    • Cyber attacks go mainstream for malicious activists
    • Reassessing the risk – your organization is likely a target
    • Cyber weapon of Mass Disruption – DDoS attack
    • Architecting the perimeter for attack mitigation
    • The need for complementing security technologies
    • Counterattacks are needed! Defense mitigation strategies are also evolving and now include active counterattack strategies

    See publication
  • First Steps to Address Information Security and Compliance in 2010

    IT Business Edge

    A couple of weeks ago, we identified 10 key information security and compliance concerns for 2010. Developing a comprehensive information security program that addresses how to manage each of these considerations is paramount to ensuring the integrity of your business' data and the compliance of your organization.

    Establishing a program to protect against these vulnerabilities can be daunting, but these steps are a great way to start.

    See publication
  • Advanced Cyber Attack Tools Seen Available to Hackers

    Bloomberg Businessweek

    Growing Threat
    Cybersecurity threats posed by foreign governments and terrorist groups against U.S. networks are growing, Jenny Durkan, U.S. Attorney for the Western District of Washington, said in prepared testimony for the hearing.

    “Although to date they have resembled in some ways the crimes perpetrated by financially motivated criminals, their emergence and evolution make the threat of cyber-generated physical attacks, like those that might disrupt the power grid, appear no longer to be the stuff of science fiction,” she said.

    To help prevent attacks, the Justice Department is establishing cells of cybersecurity specialists “to focus on particular high-priority cyber targets,” Durkan said. She said one cell is operational, without providing details.

    There’s been “an uptick” in cyber attacks against U.S. electric companies this year, Carl Herberger, a vice president for the network security firm Radware Ltd. (RDWR), said in a phone interview.

    Other authors
    • Chris Strohm
    See publication
  • Anonymous Could Lure Innocents In DDoS Attacks

    CRN

    Hacktivist collective Anonymous has made joining a denial-of-service attack as easy as clicking a link on a Twitter post, making it possible to gather an army of unwitting participants.

    See publication
  • Bank Hacks Were Work of Iranians, Officials Say

    New York Times (Front Page Print & Online)

    The attackers hit one American bank after the next. As in so many previous attacks, dozens of online banking sites slowed, hiccupped or ground to a halt before recovering several minutes later.
    But there was something disturbingly different about the wave of online attacks on American banks in recent weeks. Security researchers say that instead of exploiting individual computers, the attackers engineered networks of computers in data centers, transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas.
    The skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States.
    “The scale, the scope and the effectiveness of these attacks have been unprecedented,” said Carl Herberger, vice president of security solutions at Radware, a security firm that has been investigating the attacks on behalf of banks and cloud service providers. “There have never been this many financial institutions under this much duress.”

    Other authors
    • Nicole Perlroth
    See publication
  • Banks Pushed to Clear Fog of Cyberwar

    Wall Street Journal

    Mary Gieser McCandless recently spent three hours trying to log on to Wells Fargo & Co.'s website before a customer service representative declared the problem was her computer.

    The diagnosis puzzled Ms. McCandless, who is no Luddite. She builds database software from her home in Winston-Salem, N.C. She only figured out the real problem later that day, after seeing news reports about how big banks were the target of a cyberattack.

    "It's really annoying that I had to go to other sources to find out what was going on with my bank," she said. "It doesn't inspire a lot of confidence."

    A wave of cyberattacks over the past month is exposing a new kink in the armor of banks already laboring under the weight of a weak economy, low interest rates and tough new rules. Banks have long resisted admitting any online vulnerability. But as hackers get more sophisticated, lenders face growing pressure to share information with each other and with national intelligence agencies, and to communicate better with customers, security experts said.

    Wells Fargo alerted customers to the problems with its website in posts on Facebook Inc. and Twitter Inc. the day of the attack. A spokeswoman said the bank also provided customer service personnel with updates so that they would be prepared to answer inquiries, although she declined to discuss the experience of specific customers.

    In recent weeks, attacks disrupted the websites of Bank of America Corp., J.P. Morgan Chase & Co., U.S. Bancorp, PNC Financial Services Group Inc., Capital One Financial Corp., Regions Financial Corp. and SunTrust Banks Inc. Capital One was targeted again this week, along with BB&T Corp.

    Other authors
    • SUZANNE KAPNER
  • Should Cloud Providers Secure Their Outbound Traffic?

    Dark Reading

    Discerning between malicious traffic and legitimate traffic in real time is challenging for companies targeted by distributed denial-of-service attacks, but the task is made more difficult when the attacks come from reputable Internet properties that cannot easily be filtered.
    The attacks on U.S. financial institutions, for example, have used compromised publishing platforms to target banks with a variety of attack traffic since last September. A key factor in the success of those distributed denial-of-service (DDoS) attacks is the use by attackers of compromised, but reputable hosts. While attacks from hosted and cloud platforms have been uncommon so far, they will likely become a larger problem in the future, says Carl Herberger, vice president of security solutions at network security firm Radware.

    Providers need to take some responsibility for obvious abuses of acceptable-use policy, such as packet floods and attacks on applications, he says.

    "They need to come to terms with the fact that, if one of their hosted clients is attacking a victim on the Internet, they play a role," Herberger says.

    Other authors
    • Robert Lemos
  • Unwanted hotel charges: Wyndham claims FTC overreach in data breach lawsuit

    NJ Star Ledger

    An FTC victory would force companies that collect and stockpile sensitive customer data in their ordinary business to re-examine how they are keeping it safe, watchers say. One of the main focuses will be how Judge Salah rules on the FTC’s "unfairness" charge against Wyndham, said Goldman, the Santa Clara University law professor. While "deception" is a relatively straightforward legal term, the meaning of unfair is much less clear, he said.

    "Unfair – what is unfair?," Goldman said. "All the sudden, the FTC could be second-guessing every business’s decisions in the marketplace."

    Carl Herberger, vice president at Radware, a cybersecurity firm that has its U.S. headquarters in Mahwah, notes that the FTC has taken action against firms over their cybersecurity in only a handful of instances — 40 times in the past dozen or so years by the FTC’s count — and only after a major break-in.

    He added that if Wyndham emerges a victor, it may inspire other companies to dial back on how much they spend on cybersecurity.

    "It would probably take the foot off the gas pedal for many institutions on improving their security programs," he said.

    Other authors
    • Ed Beeson

Honors & Awards

  • 2018 - TOP 250 Growth Hacker Award

    Goodman Lantern

    https://www.goodmanlantern.com/blog/2017/12/12/top-250-hackers

    Growth Hackers are the powerhouse of generating sales within an organisation. At Goodman Lantern, we understand that there are many unsung heroes who have led the growth of many organisations. Meet some of these heroes, presenting our TOP 250 GROWTH HACKERS for 2018 (In no particular order 🤗)

  • Private Pilot

    FAA

    Certified Private Pilot

Languages

  • English


  • German


Organizations

  • ERAU Electrical, Computer, Software, and Systems Engineering Industry Advisory Board.

    Board Member

    - Present

    Board Member of Embry-Riddle Aeronautical University's (ERAU) prestigious Electrical, Computer, Software and System Engineering Governance Committee

Recommendations received

40 people have recommended Carl
