Firm Says “itsoknoproblembro” DDoS Toolkit Was Used in Recent Debilitating Cyber Attacks

A series of unusually large and highly sophisticated DDoS attacks that hit various organizations last month appear to have used a highly sophisticated toolkit, Prolexic Technologies said.

A distributed denial of service toolkit called “itsoknoproblembro” was behind some of the largest attacks recently, Prolexic said in a statement on Tuesday. The toolkit is capable of simultaneously attacking various components of a Website’s infrastructure and flooding the servers with sustained traffic peaking at 70 Gbps, the company said. Most mitigation providers would struggle to combat DDoS attacks with these characteristics, according to Prolexic.

“What we are experiencing is a dramatic uptick in the size and sophistication of DDoS attacks to a level not previously observed,” said Prolexic CEO Scott Hammack in a statement.

Last month, a number of U.S.-based financial institutions, including Bank of America, JPMorgan Chase, PNC Bank, and others, were suspected of being crippled by powerful distributed denial of service attacks. While not all the institutions have confirmed being hit by DDoS attacks, they all experienced extremely high traffic volumes that affected the availability of their sites within days of each other. Prolexic did not explicitly say the toolkits were used in these banking attacks in the report, but stuck to the vague phrase, “end of quarter” attacks.

Neal Quinn, Prolexic’s chief operating officer, and Scott Scholly, president of Prolexic, also declined to clarify the phrase in a conversation with SecurityWeek, citing confidentiality reasons.

Prolexic “does not comment on customers” or what the customers may or may not be seeing, Scholly said.

While the company can’t discuss specific identities or incidents, Scholly and Quinn said the itsoknoproblembro toolkit had been behind a number of attacks across a variety of industrial sectors over the past year. The toolkit was not unique to just financial sector attacks, Scholly said.

This tool has been used “in conjunction with sophisticated attack methods” that indicate the attackers are quite familiar with common DDoS mitigation methods, Prolexic said. The toolkit includes multiple infrastructure and application-layer attack vectors, such as SYN floods, that can simultaneously attack multiple destination ports and targets, as well as ICMP, UDP and SSL encrypted attack types, Prolexic said. These attacks often take the form of a large UDP flood targeting DNS infrastructures, according to the company.

It appears that the attacking botnet contains many legitimate IP addresses, which makes it harder to use anti-spoofing mechanisms to block the junk traffic.

The itsoknoproblembro kit doesn’t appear to be widely marketed on underground forums at this time, nor has the Prolexic team observed any itsoknoproblembro botnets available for rent, Quinn and Scholly said. While it’s possible the tool may become more widely available at a later date, for the time being, all the campaigns launched by itsoknoproblembro appear to have been the work of a small group of attackers, they said.

“The size and sophistication of this threat has created a high-alert within various industries and with good reason,” said Hammack.

The Financial Services Information Sharing and Analysis Center (FS-ISAC) set its Threat Level to “High” on Sept. 19 and the Federal Bureau of Investigation warned about possible attacks targeting financial institutions.

Prolexic has successfully mitigated multiple itsoknoproblembro campaigns throughout the year, Hammack said. Again, the company did not identify any customers.
