Cmgt 400 – Security Threat AssessmentSecurity Threat AssessmentCMGT/400January 29, 2013Vijay JonnalagaddaSecurity Threat AssessmentIntroductionThe purpose of this paper is to describe potential risks and security threats faced today at Chase Bank, one of the world’s largest banking institutions. The author will describe potential risks associated with the information and the related vulnerabilities within the banking organization as well as identifying the forces that drive each threat and the related vulnerabilities presented by each threat.

DDoS AttacksOne of the most prevalent risks that JPMorgan Chase faces today are organized Distributed Denial of Service (DDoS) attacks against its online customer site. A DDoS attack is an attempt to make a website or network unavailable to its’ intended users. According to “DDoS Attacks Against U.S. Banks Peaked At 60 Gbps” (2012), “A group calling itself ‘Izz ad-Din al-Qassam Cyber Fighters’ launched a series of DDoS attacks against the websites of several U.S. banks during September and October (2012), severely disrupting online and mobile banking services for extended periods of time.” These DDoS attacks happened in late 2012 and the group has promised more attacks against U.S. banking institutions including JP Morgan Chase.

”

For more about this and other DDoS attacks, see “DDoS AttacksAgainst U.S. Banks: An Unprecedented Threat In America.”

The Government’s DDoS Scenario

The Government’s DDoS Scenario

According to the FBI, the Government’s DDoS Scenario is the most extreme of any known attack plan. The FBI defines an attack plan as:

—an attack plan “stylized by computer-assisted targeting of computer network traffic and other networks—as described above—where specific, identifiable, or identifiable characteristics (e.g., names, addresses, biometrics, or telephone numbers) for the purpose of gaining access to Internet traffic from a non-targeted Web page are provided.”

“A “targetable” Web page is any site that, by its nature or content, has links to other websites of a “group” or “organizations”—a reference to groups or groups of websites—in which the attack website links to other websites.

“The Government’s DDoS Scenario is “not necessarily an attack plan designed to generate a large, centralized global or national market, but rather an approach based on the fact that a user engages with other web applications on the Internet, often in ways other than Internet traffic.”

“The FBI says, “As we have always been trained to anticipate, an attack may also target a web browser with a broad geographical range than a particular individual Internet traffic. In that manner, an attacker could also use the Internet to attack online or mobile banking services or other businesses, and also those used by those entities to obtain sensitive economic information. A high degree of sophistication in these tactics may make the type of attack most likely.”

In 2012, the Department of Justice announced that it was issuing new cyber defenses against all types of DDoS attacks.

One new law, the National Domestic Cybersecurity Act of 2012, outlines the broad outlines of the DDoS attack plan outlined by the FBI, including the following—

• the FBI takes the unusual step of requesting that organizations notify the agency of an attack against them.

• “All organizations, or any entity, are asked to inform the FBI of an attack in order to protect their business operations and ensure continued service and innovation for their customers. If notified, the organizations should immediately cease all activity against any of their customers or to provide additional notice.”

• a letter written to the Director of National Intelligence, stating: “Our Government has the utmost confidence in your ability to protect your customer, and your business operations, critical for the continued success of our mission in cyberspace!”

• at least $9 billion in funding over the next five years is already available under the Cyber Intelligence Appropriations Act of 2001 for

DDoS attacks are getting more and more serious to the point that Arbor Networks has speculated about the possibility of a “DDoS Armageddon”. They are referring to a DDoS attack so huge that it can possibly take down the entire internet. JP Morgan Chase will need to continue to assess the risk of DDoS attacks and continue to protect its sites from them.

It has been stated that there is no risk to customer information from DDoS attacks however the availability of the customer website is a huge concern for the company. There is also a possibility of a group using a DDoS attack as a smoke screen for hacking customer accounts. In other words, the DDoS attack can be used as a distraction while real damage is being done. The FBI has warned the public to be aware of DDoS being used in this manner. It’s possible that while a DDoS attack is happening, money can be wired out from the bank and the DDoS attack can prevent the funds from being wired back before being funneled elsewhere.

Phishing and MalwarePhishing is defined as “The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.” Phishing has become more and more sophisticated and attempts

Get Your Essay

Cite this page

Ddos Attacks And Potential Risks. (August 27, 2021). Retrieved from https://www.freeessays.education/ddos-attacks-and-potential-risks-essay/