US Bank knocked offline by DDOS attack that hit US, South Korea

Looks like there was another US victim of this ongoing DDOS attack -- US Bancorp, the nation's sixth-largest commercial bank. Looks like it's not just the government that got knocked offline by these DDOS attacks. Here's a note about www.usbank.com's uptime from Pingdom, sent to The IDG News Service this morning:



Note that the time zone on the below graphs is GMT+1 (that's the way this specific account was set up).



Problems with the site started sometime between 2 p.m. and 3 p.m. GMT+1 (8-9 a.m. US EST) on the 5th and normalized around 15 p.m. GMT+1 (10 a.m. US EST) on the 6th. (Looks like it lasted approximately 24 hours from start to finish.)





Here below is the graph for the load time of www.usbank.com (note, this is just for the HTML code, not images, etc). As you can see the slowdown became significant even when the site was available. It also looks like the attack (if this was due to an attack) came in two main waves.

 



It wasn’t just slowdown, though. The site was also unavailable a good part of this time period.



Here below is the uptime graph for www.usbank.com. It shows hourly uptime percentages (i.e. for how much of an hour the site was available). Here you can also clearly see the effect of the two “waves” in the attack (if that’s what caused this). The site was unavailable for an accumulated total of 12 hours and 5 minutes during this time period. The first time the site was down started just after 3 p.m. GMT+1 (9 a.m. US EST) on the 5th. After 2:17 p.m. GMT+1 (8:17 a.m.) on the 6th the site had no more downtime.



Regarding the downtime, much of the time we either got no response at all from their web server(s) or it responded with an HTTP error 503 (service unavailable), which could indicate an overloaded server. On occasion the connection also timed out (we will count a site as down if we cannot load it within 30 seconds). All of these “symptoms” would be in line with what can happen during a DDoS attack.



By the way, if anyone sees any evidence linking any of this to North Korea, let me know. So far I've seen nothing, despite any allegations by South Korean authorities.



(Thanks Nancy Gohring for getting the Pingdom info for me)
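
The Pingdom note above counts the site as down on no response, an HTTP 503, or a load taking more than 30 seconds, and reports hourly uptime percentages and accumulated downtime. As an added example (not Pingdom's code and not part of the original post), this Python code applies that rule to constructed probe records. The one-minute check interval, the 50% threshold for grouping hours into waves, and treating other 5xx codes like a 503 are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

TIMEOUT_S = 30                   # from the note: down if not loaded within 30 seconds
INTERVAL = timedelta(minutes=1)  # assumed check interval, not stated on the page

def is_down(status, load_s):
    """Classify one probe; status is None when the server gave no response."""
    if status is None or load_s is None or load_s > TIMEOUT_S:
        return True              # no response at all, or a timeout
    return status >= 500         # 503 in the note; other 5xx treated alike (assumption)

def hourly_uptime(probes):
    """Return {hour_start: percentage of that hour's probes that were up}."""
    up, total = defaultdict(int), defaultdict(int)
    for ts, status, load_s in probes:
        hour = ts.replace(minute=0, second=0, microsecond=0)
        total[hour] += 1
        up[hour] += not is_down(status, load_s)
    return {h: 100.0 * up[h] / total[h] for h in sorted(total)}

def total_downtime(probes):
    """Accumulated downtime: one check interval per failed probe."""
    return INTERVAL * sum(is_down(s, l) for _, s, l in probes)

def waves(uptime, threshold=50.0):
    """Group consecutive hours below threshold into (first_hour, last_hour)."""
    out = []
    for hour, pct in uptime.items():
        if pct >= threshold:
            continue
        if out and hour - out[-1][1] == timedelta(hours=1):
            out[-1] = (out[-1][0], hour)   # extend the current wave
        else:
            out.append((hour, hour))       # start a new wave
    return out

def sample_probes():
    """Constructed data: six hours of one-minute probes, arbitrary date."""
    start, probes = datetime(2000, 1, 5, 14, 0), []
    for i in range(6 * 60):
        hour, minute = divmod(i, 60)
        if hour == 1:
            rec = (503, 2.0)               # overloaded: HTTP 503 all hour
        elif hour == 3 and minute < 15:
            rec = (200, 31.0)              # answered, but past the 30 s limit
        elif hour == 4 and minute < 45:
            rec = (None, None)             # no response
        else:
            rec = (200, 12.0 if hour == 2 else 0.8)  # up (slow in hour 2)
        probes.append((start + i * INTERVAL, *rec))
    return probes
```

A slow but successful load (hour 2 in the sample) lowers the load-time graph without counting against uptime, which is why the note reports the two graphs separately.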