
WorldPay recovers from massive attack

Three Days of the CyberDoS


Analysis: WorldPay's systems are back running normally this week following the most serious and sustained Internet attack on a UK business to date.

Operations at the Royal Bank of Scotland's Internet payment transaction outfit were blighted for three days last week as the result of a malicious DDoS attack by unidentified computer criminals. Although customer information was not disclosed by the attack, WorldPay's online payment and administration systems were reduced to a crawl due to a flood of malicious traffic directed at its Web-based systems that began a week ago.

WorldPay put in place a series of measures to mitigate the attack and by Friday its services were restored to near-normality.

In a statement to its customers on Friday, WorldPay apologised for the inconvenience caused by the attack.

Ron Kalifa, WorldPay's managing director, said: "Our service has been badly disrupted over the past three days. However, we have made significant progress and the corrective action we have taken is minimising the potential for further disruption."

"As you may know the cause of the disruption has been a substantial and sustained Distributed Denial of Service attack. WorldPay's payment and administration systems have, in fact, worked safely and securely throughout this, but the networks around them have been systematically flooded with requests for our service on a massive computer-generated scale. Our ability to process payments has been far slower and at lower volumes than normal as a result of this."

"The attack follows a familiar pattern to those seen against other major companies internationally and is regrettably extremely difficult to anticipate," he added.

The company emphasised that the "integrity and security of [customer] data has not, in any way, been compromised" by the attack. WorldPay says the outage is nothing to do with a recent upgrade, during which its systems were moved from Cambridge to Edinburgh, that took place days before the assault began.

Anatomy of an attack

WorldPay's services allow online retailers to accept online payments via credit and debit cards and are thus integral to the operation of the many ecommerce sites that use its facilities. The assault has been a serious disruption to their businesses.

The issue has not gone unnoticed by WorldPay's rivals, with Netbank among others attempting to poach WorldPay customers during the period of the attack by offering "emergency services" to allow e-tailers to continue to trade online.

Meanwhile, the source of the "massive and orchestrated attack" against WorldPay's systems last week remains unknown. However, security experts agreed on the probable mechanism of the assault.

David Williamson, director of sales for the UK and Ireland for security firm Ubizen, and an expert on computer forensics, said hackers probably used a network of compromised hosts to launch the assault.

Trojan infiltration tools like Stacheldraht (German for "barbed wire") and Trin00, used in the infamous DDoS attacks against Yahoo, Excite and eBay three years ago, are still potent attack weapons, according to Williamson. A network of zombie hosts in educational institutions, for example, would allow crackers to remotely launch the WorldPay assault, he speculated.

Williamson said turning off the attack, which can hit a victim from many dozens or even hundreds of directions at once, can be difficult.

"You can mitigate the attack at service provider level. Peering arrangements and clever network design can also minimise disruption but these kind of attacks remain difficult to defend against," Williamson told El Reg.

Neil Barrett, technical director at security consultancy Information Risk Management (IRM), said that while a simple DDoS attack is relatively straightforward to block, some tools allow hackers to launch 'mutating attacks' against targeted systems.

"With a simple DDoS attack, systems can be reconfigured to reject that type of attack. But with a mutating attack the assault can be varied by a hacker. By running through a spectrum of attacks you can keep a site locked down for some time," said Barrett.

WorldPay has approximately 28,000 clients worldwide, including major concerns such as Vodafone and Sony Music Entertainment and many smaller online retailers, such as CashnCarrion, The Register's online store.

WorldPay claims 40 per cent of small and medium online retailers in Britain use its service. Around 70 per cent of its business is in the UK and Europe. ®
