WorldPay recovers from massive attack

Three Days of the CyberDoS

Analysis: WorldPay's systems are back running normally this week following the most serious and sustained Internet attack on a UK business to date.

Operations at the Royal Bank of Scotland's Internet payment transaction outfit were blighted for three days last week as the result of a malicious DDoS attack by unidentified computer criminals. Although customer information was not disclosed by the attack, WorldPay's online payment and administration systems were reduced to a crawl by a flood of malicious traffic directed at its Web-based systems that began a week ago.

WorldPay put in place a series of measures to mitigate the attack and by Friday its services were restored to near-normality.

In a statement to its customers on Friday, WorldPay apologised for the inconvenience caused by the attack.

Ron Kalifa, WorldPay's managing director, said: "Our service has been badly disrupted over the past three days. However, we have made significant progress and the corrective action we have taken is minimising the potential for further disruption."

"As you may know the cause of the disruption has been a substantial and sustained Distributed Denial of Service attack. WorldPay's payment and administration systems have, in fact, worked safely and securely throughout this, but the networks around them have been systematically flooded with requests for our service on a massive computer-generated scale. Our ability to process payments has been far slower and at lower volumes than normal as a result of this."

"The attack follows a familiar pattern to those seen against other major companies internationally and is regrettably extremely difficult to anticipate," he added.

The company emphasised that the "integrity and security of [customer] data has not, in any way, been compromised" by the attack. WorldPay says the outage has nothing to do with a recent upgrade that took place days before the assault began, during which its systems were moved from Cambridge to Edinburgh.

Anatomy of an attack

WorldPay's services allow online retailers to accept online payments via credit and debit cards and are thus integral to the operation of the many ecommerce sites that use its facilities. The assault has been a serious disruption to their businesses.

The issue has not gone unnoticed by WorldPay's rivals, with Netbank among others attempting to poach WorldPay customers during the period of the attack by offering "emergency services" to allow e-tailers to continue to trade online.

Meanwhile, the source of the "massive and orchestrated attack" against WorldPay's systems last week remains unknown. However, security experts agreed on the probable mechanism of the assault.

David Williamson, director of sales for the UK and Ireland for security firm Ubizen, and an expert on computer forensics, said hackers probably used a network of compromised hosts to launch the assault.

Trojan infiltration tools like Stacheldraht (German for "barbed wire") and Trin00 used in the infamous DDoS attacks against Yahoo, Excite and eBay three years ago are still potent attack weapons, according to Williamson. A network of zombie hosts in educational institutions, for example, would allow crackers to remotely launch the WorldPay assault, he speculated.

Williamson said turning off the attack, which can hit a victim from many dozens or even hundreds of directions at once, can be difficult.

"You can mitigate the attack at service provider level. Peering arrangements and clever network design can also minimise disruption but these kind of attacks remain difficult to defend against," Williamson told El Reg.

Neil Barrett, technical director at security consultancy Information Risk Management (IRM), said that while a simple DDoS attack is relatively straightforward to block, some tools allow hackers to launch 'mutating attacks' against targeted systems.

"With a simple DDoS attack, systems can be reconfigured to reject that type of attack. But with a mutating attack the assault can be varied by a hacker. By running through a spectrum of attacks you can keep a site locked down for some time," said Barrett.

WorldPay has approximately 28,000 clients worldwide, including major concerns such as Vodafone and Sony Music Entertainment and many smaller online retailers, such as CashnCarrion, The Register's online store.

WorldPay claims 40 per cent of small and medium online retailers in Britain use its service. Around 70 per cent of its business is in the UK and Europe. ®
