Denial of Service protection services provider Prolexic Technologies announced on Wednesday that it has issued a warning that includes attack signatures and details to help detect and stop DDoS attacks from the Drive DDoS toolkit.
The report comes a few weeks after Prolexic released another report that showed that DDoS attacks have seen a 20 percent increase over last quarter, and have risen across the board in size, strength, and duration.
The Drive DDoS toolkit is an attack tool that is frequently used as a source of distraction while criminals break into customer accounts at finance firms and e-Commerce businesses.
Many criminals use DDoS attacks from the Drive DDoS toolkit and other variants of the Dirt Jumper toolkit to distract IT security officials as they attempt to transfer funds out of bank accounts, steal passwords for later use, or place unauthorized orders.
Since attacks from this criminal DDoS toolkit are related to identity theft, it is important for financial and e-Commerce companies to recognize the Drive toolkit as the source of a DDoS attack.
Prolexic recommends that these companies suspect and investigate any possible fraudulent access of customer accounts that may have occurred during the attack.
“During the confusion of a DDoS attack, malicious actors can break into the financial and e-Commerce accounts of customers without being noticed,” said Stuart Scholly, president at Prolexic. “IT departments are typically so focused on the damage caused by the DDoS attack that they don’t realize it may merely be a planned distraction while criminals loot customer accounts.”
The Drive toolkit, which is being distributed within underground hacking forums, has been the source of multiple recent DDoS attacks discovered by the Prolexic Security Engineering and Response Team.
The tool is a more recent variant of the popular Dirt Jumper family of DDoS toolkits.
Six types of DDoS attack are currently built into the Drive toolkit, giving attackers a range of attacks to launch.
The tool features GET floods, POST floods, POST2 floods, IP floods and IP2 floods directed at the application layer as well as UDP floods, which target network infrastructure. The encryption allows malicious actors to hide their identities.
Prolexic is offering an analysis of the Drive threat, including screenshots, launch commands, sample payloads and identifying signatures to enable DDoS mitigation techniques, free of charge, on the Prolexic Drive DDoS Threat Advisory page.