Incapsula Security Firm Analyzes the Reality Behind Recent U.S. Cyber Attacks

If you remember our article on a wave of DDoS attacks on several American banks, this story is a follow-up to that news and reveals some of the shocking aspects of the attacks. Here, we would like to add that these attacks were launched by a hacking group by the name of Izz ad-Din al-Qassam, in protest against a video which breaches the Islamic code of law. The group is now saying that such attacks will keep coming and will not stop until that video content is removed.


The security firm Incapsula shared its insight into these DDoS attacks after it noticed something suspicious on a new UK site. The site was not very old, yet it was generating a number of security issues within a few days of its launch. The cause was a series of requests carrying an encoded PHP code payload.

When this was investigated in depth, the security team learned that these numerous requests were preparations for attacks on U.S. banks. The investigation revealed that the attackers had planted a backdoor through these requests and were using the site as a bot. The backdoor gave the hackers the means to launch DDoS attacks on some of the highest-profile banks in the U.S., including PNC, HSBC and Fifth Third Bank.


How much devastation these attacks can bring to a site is still unknown, because when the experts tried to send commands into the system they were blocked. But it is certain that the attacks can do a lot of harm to a medium-sized site.

But then the website, already hacked and with the backdoor installed, came under Incapsula's service. The team quickly checked how it had been hacked and found that the cause was its login credentials, the weakest possible: admin/admin. Further investigation of the site exposed the whole programming of the attacks. The attacks were carried out by zombies programmed so that they attacked their target for only 7 minutes an hour; this was done to make the attacks more efficient. During the rest period the botnet shifted its attacks to other sites.


According to the security researchers, botnets have become a highly valuable weapon for hackers because they can cause a massive amount of damage in a moment. The researchers have provided some further details about these botnets, which are as follows:

  • “The PHP DoS code was designed to multiply itself, so it could take advantage of the full capacity available on the server. Since this is a server on hoster’s backbone, it was potentially capable of producing much more traffic volume than a regular “old school” botnet zombie.
  • The backdoor was controlled using an API, which used the server’s PHP environment to inject dynamic attack code. This allows the attacker to adapt very quickly to any changes in the website’s security.”
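As an added example (not from the article and not Incapsula's code), the following Python script shows the kind of check a site operator could run over web-server access logs to spot requests whose query parameters carry base64-encoded PHP, the pattern described above in which encoded PHP payloads were used to install and drive the backdoor. The log lines, the IP addresses, the `/uploads/x.php` path and the parameter names are constructed for the demonstration, and the list of PHP markers is an assumption about what such payloads typically contain.

```python
import base64
import binascii
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qsl, urlsplit

# Matches the common "combined"-style access-log prefix:
# client IP, identity, user, [timestamp], "METHOD target HTTP/x.y", status, size.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# PHP constructs that a legitimate query-string value essentially never contains once
# decoded (assumed marker list; tune it to the application being protected).
PHP_MARKERS = re.compile(
    r"<\?php|\beval\s*\(|\bbase64_decode\s*\(|\bsystem\s*\(|\bshell_exec\s*\(|"
    r"\bpassthru\s*\(|\$_(?:GET|POST|REQUEST)\b"
)

# Base64 alphabet with a minimum length, so short ordinary values such as "home" are skipped.
B64_RE = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")


def decode_if_base64(value: str) -> Optional[str]:
    """Return the decoded text if value is base64 that decodes to readable text, else None."""
    # A raw '+' in a query string is unquoted to a space by parse_qsl; restore it,
    # because encoded payloads are often sent without percent-encoding.
    candidate = value.replace(" ", "+")
    if not B64_RE.match(candidate):
        return None
    try:
        raw = base64.b64decode(candidate, validate=True)
        text = raw.decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    if not all(ch.isprintable() or ch.isspace() for ch in text):
        return None  # binary blob, not source code
    return text


def scan_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one access-log line; report a finding if a query value decodes to PHP code."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = decode_if_base64(value)
        if decoded is None:
            continue
        hit = PHP_MARKERS.search(decoded)
        if hit:
            return {
                "ip": m.group("ip"),
                "timestamp": m.group("ts"),
                "path": parts.path,
                "param": name,
                "marker": hit.group(0),
                "decoded": decoded,
            }
    return None


def scan_log(text: str) -> List[Dict[str, str]]:
    """Run scan_line over every line of an access log and collect the findings."""
    return [f for f in (scan_line(line) for line in text.splitlines()) if f]


# Constructed sample log (not real traffic). One request carries an ordinary base64-encoded
# JSON value, one carries an encoded PHP one-liner of the kind used to drive a backdoor.
BENIGN_B64 = base64.b64encode(b'{"page":"home","lang":"en"}').decode()
PAYLOAD_B64 = base64.b64encode(b"eval(base64_decode($_POST['p']));").decode()
SAMPLE_LOG = "\n".join([
    '203.0.113.7 - - [10/Oct/2012:13:55:36 +0000] "GET /index.php?page=home HTTP/1.1" 200 5123',
    f'203.0.113.9 - - [10/Oct/2012:13:55:40 +0000] "GET /index.php?state={BENIGN_B64} HTTP/1.1" 200 5123',
    f'198.51.100.4 - - [10/Oct/2012:13:56:01 +0000] "POST /uploads/x.php?c={PAYLOAD_B64} HTTP/1.1" 200 44',
    '198.51.100.4 - - [10/Oct/2012:13:56:02 +0000] "GET /robots.txt HTTP/1.1" 200 68',
])

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['timestamp']} {finding['ip']} {finding['path']} "
              f"param={finding['param']} marker={finding['marker']!r}")
```

The check only inspects query strings, because that is what an access log records; POST bodies of the same shape would need the web server or a WAF to log request bodies. The ordinary base64 JSON value is decoded but produces no finding, which is the point of matching on PHP constructs rather than on "looks like base64".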


While investigating who was behind this website, the security analysts found that it had been designed by a Turkish company. But it is difficult to tell whether the website was originally hacked or was built to be used for this purpose from the start.

In the end, we would like, as always, to warn everyone about how serious the internet security problem has become. You can see quite clearly from the information above that even a small slip in administering a site could lead to such massive disasters. The above article is a demonstration of how a simple administrative password weakness could allow hackers to hack a site and create a pathway onto other people's sites.

[Via: Incapsula]


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.