Connect with us

Hi, what are you looking for?


Network Security

NASDAQ and BATS Web Sites Fall Victim to DDoS Attacks

Both the BATS and NASDAQ exchanges were under constant assault early this week, thanks to a flood of packets sent their way by an unknown group or person. These recent attacks are just the latest in a string of attacks that have hit the UN, CIA, and others.

Both the BATS and NASDAQ exchanges were under constant assault early this week, thanks to a flood of packets sent their way by an unknown group or person. These recent attacks are just the latest in a string of attacks that have hit the UN, CIA, and others.

NASDAQ spokesperson Joseph Christinat told SecurityWeek that the NASDAQ website became under attack on Monday, with the attack lasting for a period of about 24 hours. The origin of the attack was unknown. Throughout the day on Tuesday, if the NASDAQ domain loaded at all, it was sluggish. The situation has been resolved, Christinat said, reminding that there was no hacking, and that trading operations were not impacted.

At the same time NASDAQ was targeted, the webste for BATS (the third largest U.S. equity market) was offline as well, with spokespersons reporting that the DDoS attack had no effect on trading systems. Likewise, NASDAQ stood firm on the point that only the corporate website was impacted, and no information was taken.

In related news, Radware, an application security and availability vendor, issued a warning to customers concerning alleged DDoS attacks on websites in Israel, and other high value domains on Tuesday.

“In the last couple of days, the infamous Anonymous hacker group has released a threat against Israeli websites. Based on ERT experience with blocking Anonymous attacks in Israel and all over the world, we are releasing here a short list of security-policy recommendations. Attacks are expected against Israeli government, public institutions, and other high profile websites starting of today, Tuesday February 14,” an email obtained by SecurityWeek explains.

Related Resource: The Business Case for Managed DDoS Protection

The email goes on to list basic attack vectors and offers guidance for customers that may be forced to deal with them. Given that the advice would apply to anyone charged with defending a network, we’ve pasted it below.

Advertisement. Scroll to continue reading.

1. It is time to activate all security appliances. Switch all security appliances in the network to Block mode—including Anti-DoS, IPS and WAF. Make sure all equipment is updated with the latest signature/definition releases.

2. Monitor Security Alerts. Examine alerts and triggers carefully. Tune existing polices and protections to prevent false positives and allow you to identify real threats if and when they occur.

3. ***Take packet captures. This is very important.***

Be able to take real-timepacket captures. It does not need to be a state-of-the-art capture monster. Even a PC running Wireshark connected to a mirror port on the router will do. Prepare and educate your personnel on how to run the packet-capture tool.

In case of an attack that evades the current protection, this is going to be the most useful way to gather information. (Upload the captures as you get them to, and send us the links you get from the uploaded file.)

4. Protect your network from volumetric attacks—Use MSSP. Keep your pipes from saturation by routing traffic through Anti-DoS–protected service providers. Make sure security polices at the service-provider level are up to date and defined properly.

5. Protect your network from volumetric attacks—Block unused UDP ports.

Open ports are prone to volumetric UDP floods. Block all unsupported UDP ports at the service provider, emphasizing UDP/80 and UDP/443.

6. Protect your web application—Deploy WAF. If you do not have WAF in your environment, this is a very good time to do so.

7. When all hell breaks loose, contact ERT.

These DDoS attacks come on the heels of a recent weekend rampage where supporters of Anonymous launched DDoS attacks against one-hundred and eleven Mexican websites, some of them related to Mexico’s mining industry – others related to Mexico’s Senate and Ministry of Interior, as well as Alabama’s state website, the UN, and even the CIA.

Related Resource: The Business Case for Managed DDoS Protection

Related Reading: DDoS Attacks – Size Doesn’t Matter, Says Radware

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...