WorldPay recovers from massive attack

Three Days of the CyberDoS

Analysis: WorldPay's systems are back running normally this week following the most serious and sustained Internet attack on a UK business to date.

Operations at the Royal Bank of Scotland's Internet payment transaction outfit were blighted for three days last week as the result of a malicious DDoS attack by unidentified computer criminals. Although customer information was not disclosed by the attack, WorldPay's online payment and administration systems were reduced to a crawl by a flood of malicious traffic directed at its Web-based systems that began a week ago.

WorldPay put in place a series of measures to mitigate the attack and by Friday its services were restored to near-normality.

In a statement on Friday, WorldPay apologised to its customers for the inconvenience caused by the attack.

Ron Kalifa, WorldPay's managing director, said: "Our service has been badly disrupted over the past three days. However, we have made significant progress and the corrective action we have taken is minimising the potential for further disruption."

"As you may know the cause of the disruption has been a substantial and sustained Distributed Denial of Service attack. WorldPay's payment and administration systems have, in fact, worked safely and securely throughout this, but the networks around them have been systematically flooded with requests for our service on a massive computer-generated scale. Our ability to process payments has been far slower and at lower volumes than normal as a result of this."

"The attack follows a familiar pattern to those seen against other major companies internationally and is regrettably extremely difficult to anticipate," he added.

The company emphasised that the "integrity and security of [customer] data has not, in any way, been compromised" by the attack. WorldPay says the outage is nothing to do with a recent upgrade, during which its systems were moved from Cambridge to Edinburgh, that took place days before the assault began.

Anatomy of an attack

WorldPay's services allow online retailers to accept online payments via credit and debit cards and are thus integral to the operation of the many ecommerce sites that use its facilities. The assault has been a serious disruption to their businesses.

The issue has not gone unnoticed by WorldPay's rivals, with Netbank among others attempting to poach WorldPay customers during the period of the attack by offering "emergency services" to allow e-tailers to continue to trade online.

Meanwhile, the source of the "massive and orchestrated attack" against WorldPay's systems last week remains unknown. However, security experts agreed on the probable mechanism of the assault.

David Williamson, director of sales for the UK and Ireland for security firm Ubizen, and an expert on computer forensics, said hackers probably used a network of compromised hosts to launch the assault.

Trojan infiltration tools like Stacheldraht (German for "barbed wire") and Trin00, used in the infamous DDoS attacks against Yahoo, Excite and eBay three years ago, are still potent attack weapons, according to Williamson. A network of zombie hosts in educational institutions, for example, would allow crackers to remotely launch the WorldPay assault, he speculated.

Williamson said turning off the attack, which can hit a victim from many dozens or even hundreds of directions at once, can be difficult.

"You can mitigate the attack at service provider level. Peering arrangements and clever network design can also minimise disruption but these kind of attacks remain difficult to defend against," Williamson told El Reg.

Neil Barrett, technical director at security consultancy Information Risk Management (IRM), said that while a simple DDoS attack is relatively straightforward to block, some tools allow hackers to launch 'mutating attacks' against targeted systems.

"With a simple DDoS attack, systems can be reconfigured to reject that type of attack. But with a mutating attack the assault can be varied by a hacker. By running through a spectrum of attacks you can keep a site locked down for some time," said Barrett.

WorldPay has approximately 28,000 clients worldwide, including major concerns such as Vodafone and Sony Music Entertainment and many smaller online retailers, such as CashnCarrion, The Register's online store.

WorldPay claims 40 per cent of small and medium online retailers in Britain use its service. Around 70 per cent of its business is in the UK and Europe. ®
