http://bit.ly/1f02WqR | A rising number of recent DDoS attack campaigns have targeted the financial industry. As a result, financial institutions are anxious, and governments are considering the national security implications associated with digital assaults against the critical economic infrastructure provided by financial firms, including trading platforms. Are DDoS cyber attackers trying to manipulate stock prices and trading markets? The DDoS experts in PLXsert think so. Learn more about this security threat in these excerpts from the Prolexic white paper.

1.
1
DDoS
Cyber
Attacks
Against
Global
Markets
Selected
excerpts
Prolexic’s
Security
Engineering
and
Response
Team
(PLXsert)
recently
published
a
white
paper,
DDoS
Attacks
Against
Global
Markets,
which
shares
cyber
intelligence
gathered
from
nearly
a
dozen
significant
distributed
denial
of
service
(DDoS)
attacks
against
financial
enterprises
and
the
market
effects
of
those
attacks.
A
rising
number
of
recent
DDoS
attack
campaigns
have
targeted
the
financial
industry.
As
a
result,
financial
institutions
are
anxious,
and
governments
are
considering
the
national
security
implications
associated
with
digital
assaults
against
the
critical
economic
infrastructure
provided
by
financial
firms,
including
trading
platforms.
Are
DDoS
cyber
attackers
trying
to
manipulate
stock
prices
and
trading
markets?
The
DDoS
experts
in
PLXsert
think
so.
What
is
market
manipulation?
Market
manipulation
is
a
deliberate
and
malicious
interference
with
market
values
in
order
to
create
an
artificial
price
for
a
tradable
security.
DDoS
attacks
can
be
used
to
attempt
to
deliberately
reduce
the
availability
of
products
and
services
from
a
targeted
company
–
or
even
an
entire
financial
exchange
platform.
Many
financial
companies,
including
trading
organizations,
deliver
a
significant
amount
of
their
client
services
via
their
websites
or
via
web
applications.
As
a
result,
even
though
a
victim
enterprise
might
not
suffer
any
inventory
or
physical
loss
as
a
result
of
DoS
and
DDoS
attacks,
the
negative
consequences
associated
with
site
availability
and
investor
confidence
may
be
substantial.
The
public
image
of
a
financial
service
firm
is
intricately
associated
with
its
cyber
presence,
and
DDoS
attacks
and
other
cyber-­‐attack
vectors
can
modify
the
online
presence
of
the
victim,
which
can
create
artificial,
false
or
misleading
appearances
–
a
hallmark
of
market
manipulation
–
as
can
rumors
generated
about
an
organization
via
online
sites,
such
as
Twitter.
Overall,
PLXsert
has
found
a
causal
relationship
between
cyber-­‐attacks
and
a
change
in
the
valuation
of
a
company
in
a
given
market.
Who’s
behind
the
cyber-­‐attacks
against
American
financial
institutions?
Significant
denial
of
service
attack
campaigns
require
vast
resources,
a
large
number
of
attackers,
and
substantial
coordination
and
collaboration.
Since
2011,
and
growing
in
2012
and
2013,
DDoS
attack
campaigns
have
become
a
significant
threat
to
financial
firms.
To
understand
DDoS
attacks,
it
is
important
to
learn
about
the
groups
behind
the
attacks.

2.
2
Two
groups
were
responsible
for
the
two
most
significant
attack
campaigns
against
financial
markets
in
2012
and
2013.
The
Operation
Digital
Tornado
campaign
was
organized
by
a
group
called
L0ngWave99.
The
Operation
Ababil
campaign
was
organized
by
al-­‐Qassam
Cyber
Fighters
(QCF).
Although
the
two
groups
appear
to
have
distinct
identities,
there
is
also
a
record
of
them
having
shared
the
same
attack
tools.
L0ngWave99,
QCF
and
other
malicious
actor
groups
were
responsible
for
several
DDoS
attack
incidents
that
affected
stock
and
currency
valuations
or
interfered
with
trading.
Operation
Digital
Tornado
ran
for
three
months
from
February
to
April
2012.
In
this
campaign,
L0ngwave99
claimed
responsibility
for
attacking
multiple
U.S.
securities
and
commodity
exchanges.
L0ngwave99
claims
to
be
motivated
by
political
ideals,
including
support
for
the
Occupy
Wall
Street
movement.
The
group’s
website
contains
rhetoric
against
financial
institutions
and
harsh
criticism
of
the
policies
of
the
United
States
government
and
international
financial
institutions.
Operation
Ababil
and
the
itsoknoproblembro
campaign
ran
from
January
2012
through
August
2013.
Although
official
announcements
and
claimed
attributions
began
appearing
on
Pastebin
only
as
early
as
September
2012,
PLXsert
researchers
have
identified
through
Open
Source
Intelligence
(OSINT)
that
the
DDoS
attack
campaign
by
QCF
had
been
ongoing
since
at
least
January
2012.
Details
of
itsoknoproblembro
are
described
in
a
DDoS
threat
advisory
from
PLXsert.
Get
the
full
white
paper
for
all
detailed
explanations
In
the
white
paper,
PLXsert
shares
its
insight
into
the
use
of
DDoS
cyber-­‐attacks
to
influence
stock
prices
and
limit
trading,
including:
• Details
about
10
DDoS
attack
campaigns
and
their
market
effects
• Insight
into
the
perpetrators,
attack
methods
and
their
public
statements
for
each
campaign
• Types
of
malicious
actors
and
their
motives
• The
underground
ecosystem
that
supports
DDoS
cyber
attackers
A
complimentary
copy
of
the
white
paper,
“DDoS
Attacks
Against
Global
Markets,
can
be
downloaded
from
the
Prolexic
website.
About
Prolexic
Prolexic
Technologies
(now
part
of
Akamai)
is
the
world’s
largest
and
most
trusted
provider
of
DDoS
protection
and
mitigation
services.
Learn
more
at
http://www.prolexic.com.