WorldPay recovers from massive attack

Three Days of the CyberDoS

Analysis WorldPay's systems are back running normally this week following the most serious and sustained Internet attack on a UK business to date.

Operations at the Royal Bank of Scotland's Internet payment transaction outfit were blighted for three days last week as the result of a malicious DDoS attack by unidentified computer criminals. Although customer information was not disclosed by the attack, WorldPay's online payment and administration systems were reduced to a crawl by a flood of malicious traffic directed at its Web-based systems, which began a week ago.

WorldPay put in place a series of measures to mitigate the attack and by Friday its services were restored to near-normality.

In a statement to its customers on Friday, WorldPay apologised to its customers for the inconvenience caused by the attack.

Ron Kalifa, WorldPay's managing director, said: "Our service has been badly disrupted over the past three days. However, we have made significant progress and the corrective action we have taken is minimising the potential for further disruption."

"As you may know the cause of the disruption has been a substantial and sustained Distributed Denial of Service attack. WorldPay's payment and administration systems have, in fact, worked safely and securely throughout this, but the networks around them have been systematically flooded with requests for our service on a massive computer-generated scale. Our ability to process payments has been far slower and at lower volumes than normal as a result of this."

"The attack follows a familiar pattern to those seen against other major companies internationally and is regrettably extremely difficult to anticipate," he added.

The company emphasised that the "integrity and security of [customer] data has not, in any way, been compromised" by the attack. WorldPay says the outage is nothing to do with a recent upgrade, during which its systems were moved from Cambridge to Edinburgh, that took place days before the assault began.

Anatomy of an attack

WorldPay's services allow online retailers to accept online payments via credit and debit cards and are thus integral to the operation of the many ecommerce sites that use its facilities. The assault has been a serious disruption to their businesses.

The issue has not gone unnoticed by WorldPay's rivals, with Netbank among others attempting to poach WorldPay customers during the period of the attack by offering "emergency services" to allow e-tailers to continue to trade online.

Meanwhile the source of the "massive and orchestrated attack" against WorldPay's systems last week remains unknown, although security experts agree on the probable mechanism of the assault.

David Williamson, director of sales for the UK and Ireland for security firm Ubizen, and an expert on computer forensics, said hackers probably used a network of compromised hosts to launch the assault.

Trojan infiltration tools like Stacheldraht (German for "barbed wire") and Trin00 used in the infamous DDoS attacks against Yahoo, Excite and eBay three years ago are still potent attack weapons, according to Williamson. A network of zombie hosts in educational institutions, for example, would allow crackers to remotely launch the WorldPay assault, he speculated.

Williamson said turning off the attack, which can hit a victim from many dozens or even hundreds of directions at once, can be difficult.

"You can mitigate the attack at service provider level. Peering arrangements and clever network design can also minimise disruption but these kind of attacks remain difficult to defend against," Williamson told El Reg.

Neil Barrett, technical director at security consultancy Information Risk Management (IRM), said that while a simple DDoS attack is relatively straightforward to block, some tools allow hackers to launch 'mutating attacks' against targeted systems.

"With a simple DDoS attack, systems can be reconfigured to reject that type of attack. But with a mutating attack the assault can be varied by a hacker. By running through a spectrum of attacks you can keep a site locked down for some time," said Barrett.
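The point Williamson and Barrett make above, that a flood arriving from many directions at once defeats the kind of reconfiguration that stops a single noisy client, can be shown on log data. The following Python example is added here and is not code from WorldPay, Ubizen or IRM. It replays constructed web-server access-log lines through two defender-side checks: a naive per-source rate limit, and an aggregate per-second check that also counts distinct sources. The log format, the function names, the date and the 192.0.2.x / 198.51.100.x documentation addresses are all assumptions made for the example.

```python
"""Added example: why a per-source rate limit misses a distributed flood.

Constructed access-log lines (not WorldPay's logs) are replayed through
two checks. Each flood source stays under the per-source quota, so the
per-source check sees nothing; the aggregate check, which looks at total
requests per second and the number of distinct sources, flags the flood.
"""
from collections import defaultdict
from datetime import datetime, timezone

LOG_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # assumed timestamp layout of the log


def build_sample_log():
    """Constructed traffic: 3 s of normal use, then 3 s of a distributed flood."""
    lines = []
    base = "2003-11-05T10:00:"  # constructed date, not the real attack date
    # Normal period: three regular clients, one request each per second.
    for sec in range(0, 3):
        for host in range(1, 4):
            lines.append(f"{base}{sec:02d}Z 192.0.2.{host} GET /checkout")
    # Flood period: 20 distinct sources, two requests each per second (40 req/s).
    for sec in range(3, 6):
        for host in range(10, 30):
            for _ in range(2):
                lines.append(f"{base}{sec:02d}Z 198.51.100.{host} GET /")
    return lines


def parse_line(line):
    """Return (epoch_second, source_ip) for one log line."""
    ts_text, ip, _rest = line.split(" ", 2)
    ts = datetime.strptime(ts_text, LOG_FORMAT).replace(tzinfo=timezone.utc)
    return int(ts.timestamp()), ip


def per_source_offenders(lines, limit_per_second):
    """Naive defence: list sources that exceed limit_per_second in any second."""
    counts = defaultdict(int)
    for line in lines:
        ts, ip = parse_line(line)
        counts[(ts, ip)] += 1
    return sorted({ip for (ts, ip), n in counts.items() if n > limit_per_second})


def flood_seconds(lines, aggregate_threshold, min_sources):
    """Aggregate check: seconds whose total request count exceeds the
    threshold while being spread over at least min_sources distinct IPs.
    Returns (epoch_second, total_requests, distinct_sources) tuples."""
    per_second = defaultdict(list)
    for line in lines:
        ts, ip = parse_line(line)
        per_second[ts].append(ip)
    flagged = []
    for ts in sorted(per_second):
        ips = per_second[ts]
        if len(ips) > aggregate_threshold and len(set(ips)) >= min_sources:
            flagged.append((ts, len(ips), len(set(ips))))
    return flagged


if __name__ == "__main__":
    log = build_sample_log()
    print("per-source offenders at 5 req/s:", per_source_offenders(log, 5))
    for ts, total, sources in flood_seconds(log, 20, 10):
        print(f"flood second {ts}: {total} requests from {sources} sources")
```

Run stand-alone, the per-source check reports no offenders because every flood host sends only two requests a second, while the aggregate check flags each of the three flood seconds. In practice the aggregate figure is what an upstream provider or peering partner can act on, which is the "service provider level" mitigation Williamson refers to.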

WorldPay has approximately 28,000 clients worldwide, including major concerns such as Vodafone and Sony Music Entertainment and many smaller online retailers, such as CashnCarrion, The Register's online store.

WorldPay claims 40 per cent of small and medium online retailers in Britain use its service. Around 70 per cent of its business is in the UK and Europe. ®
