Fraud and identity theft camouflaged by DDoS attacks
Prolexic shared attack signatures and details that are helpful to detect and stop DDoS attacks from the Drive DDoS toolkit, an attack tool often used as a source of distraction while criminals break into customer accounts at finance firms and e-commerce businesses.
DDoS attacks from the Drive DDoS toolkit and other variants of the Dirt Jumper toolkit can sidetrack IT security personnel while criminals attempt to transfer funds out of bank accounts, gather passwords for later use, or place unauthorized orders.
Because attacks from this criminal DDoS toolkit are associated with identity theft, recognizing the Drive toolkit as the source of a DDoS attack can lead financial institutions, banking, insurance, investment firms, brokerages or e-Commerce firms to suspect and investigate possible fraudulent access of customer accounts that may have occurred during the attack.
The Drive toolkit, which is being leaked in underground hacking forums, has been the source of multiple recent DDoS attacks observed by the Prolexic Security Engineering and Response Team (PLXsert). The tool is a newer variant of the Dirt Jumper family of DDoS toolkits, one of the most popular denial of service attack tools in use today.
Six types of DDoS attacks are built into the Drive toolkit, allowing attackers to launch a variety DDoS attacks. The tool features GET floods, POST floods, POST2 floods, IP floods and IP2 floods directed at the application layer as well as UDP floods, which target network infrastructure. Encryption allows malicious actors to hide their identities.