Nexusguard Restores Service to Online Gold Trading Platform
The financial industry will always be a big target forcyber attacks: the large payoff serves as a strong motivation for criminals; its cutting-edge security gives hackers bragging rights if they can successfully infiltrate or disrupt services; the fierce competition tempts businesses to hire commercial attackers to attack competitors. Recently, a DDoS attack targeted a Nexusguard client who operates an online gold-trading platform serving China and Hong Kong users.
Traffic Anomalies Cause Service Outage
Services were taken offline by the abnormal traffic created by a DDoS attack. The trading platform had not contacted Nexusguard yet—it first tried to mitigate the attack internally by closing down the IP addresses under attack and switching to other ones. Their approach was time consuming and inefficient. Another reason it had not called for Nexusguard’s assistance was because they believed the attack was not severe, as its trading services would go back online for brief moments.
Despite the time and effort spent, ultimately the trading platform could not keep its services online. Its internal security team lacked the experience and expertise to hold back the attack on their servers. Eventually, they turned to Nexusguard for help.
A “Cocktail” of Multiple Attacks
The DDoS attack was a complex one, with a large number of connections hitting the trading platform’s website and consuming almost all of its bandwidth. The attack brought in over 2000 times more connections to slam its servers for eight hours. The attack pattern also changed from time to time, making it difficult to remedy with a single approach: the attacker used a cocktail of Layer 7 attacks, ICMP floods and TCP SYN floods. Fortunately, the IP address that was attacked was a Nexusguard IP address assigned to the trading platform by Nexusguard
Nexusguard Takes Trading Services Back Online
When Nexusguard’s fast response team took over, they first analyzed all incoming traffic to the website to determine the attack pattern and discovered that the attacker was using multiple attack types and patterns. Nexusguard mitigated each of them accordingly, while fine-tuning each approach from time to time as the attacker changed the attack pattern.
As the fast response team worked to minimize the damage inflicted on the trading platform, Nexusguard’s SOC was working hard to gather intelligence on where the attack originated. In just 15 minutes, all services were back online. To wrap it up, the SOC handed the attack data to Nexusguard’s research team for further analysis and to serve as reference for future mitigation strategies.
Businesses in the financial industry rely on customer trust more than any other industry; since it does not come easily, they must take extra precautions to earn and keep that trust. Nexusguard understands how important it is for clients in the financial industry to keep their data safe and services up and running 24/7.Download
“We tried for more than an hour but couldn’t get hold of the attack. How fantastic that Nexusguard got us back online in just 15 minutes.”
General Manager of the gold trading platform