Cyber Attacks on Financial Critical Infrastructures

  • Mirco Marchetti
  • Michele Colajanni
  • Michele Messori
  • Leonardo Aniello
  • Ymir Vigfusson


This chapter focuses on attack strategies that can be (and have been) used against financial IT infrastructures. The first section presents an overview and a classification of the different kinds of frauds and attacks carried out against financial institutions and their IT infrastructures. We then restrict our focus by analyzing in detail five attack scenarios, selected among the ones presented in the previous section. These attack scenarios are: Man in the Middle (and its variant, Man in the Browser), distributed denial of service (DDoS), distributed portscan, session hijacking, and malware-based attacks against Internet banking customers. These scenarios have been selected because of their distributed nature: all of them involve multiple, geographically distributed financial institutions. Hence their detection will benefit greatly from the deployment of new technologies and best practices for information sharing and cooperative event processing. For each scenario we present a theoretical description of the attack as well as implementation details and consequences of past attacks carried out against real financial institutions.


Financial Institution Transmission Control Protocol User Datagram Protocol Domain Name System Transmission Control Protocol Connection 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Stewart, J.: Top spam botnets exposed, April (2008) Google Scholar
  2. 2.
    Bogk, A.: Advisory: weak PNG in PHP session ID generation leads to session hijacking, March (2010) Google Scholar
  3. 3.
    BBC News: Botnet hacker caught in Slovenia, July (2010) Google Scholar
  4. 4.
    Gutterman, Z., Malkhi, D.: Hold your sessions: an attack on java session-id generation. In: Menezes, A. (ed.) CT-RSA. Lecture Notes in Computer Science, vol. 3376, pp. 44–57. Springer, Berlin (2005) Google Scholar
  5. 5.
    Kamkar, S.: phpwn: Attacking sessions and pseudo-random numbers in PHP. Las Vegas, NV, USA, July 2010. Blackhat Google Scholar
  6. 6.
    Moscaritolo, A.: Kraken botnet re-emerges 318,000 nodes strong. SC magazine June (2010) Google Scholar
  7. 7.
    MessageLabs Intelligence: Annual security report, December (2010) Google Scholar
  8. 8.
    Davies, K.: DNS cache poisoning vulnerability, available online at (2008)
  9. 9.
    Espiner, T.: Symantec warns of router compromise, available online at,39044215,62036991,00.htm
  10. 10.
    Espelid, Y., Netkand, L.-H., Klingsheim, A.N., Hole, K.J.: Robbing banks with their own software, an exploit against Norwegian online banks. In: Proceedings of the IFIP 23rd International Information Security Conference, September 2008 Google Scholar
  11. 11.
    Klein, A.: BIND 9 DNS cache poisoning. Available online at
  12. 12.
    Microsoft Corporation: Microsoft Security Bulletin MS07-062 Important. Available online at
  13. 13.
    Smith, D.: Link router based worm? Available online at
  14. 14.
    SecurityFocus: Cross Site Request Forgery in 2wire routers. Available online at
  15. 15.
    TriCipher: The perfect storm: man in the middle attacks, weak authentication and organized online criminals. Available online at
  16. 16.
    Wilson, T.: For Sale: Phishing Kit. Available online at
  17. 17.
    Vaughn, R., Evron, G.: DNS amplification attacks. Available online at, March 2006
  18. 18.
    Kumar, S.: Smurf-based distributed denial of service (DDoS) attack amplification in internet. In: Second International Conference on Internet Monitoring and Protection (ICIMP 2007) (2007) Google Scholar
  19. 19.
    Cooke, E., Jahanian, F., McPherson, D.: The Zombie Roundup: Understanding, Detecting, and Disrupting Botnets. USENIX Step to reducing unwanted traffic on the internet Workshop (SRUTI’05) Google Scholar
  20. 20.
  21. 21.
  22. 22.
  23. 23.
  24. 24., last visited: September 2011
  25. 25.
  26. 26.
  27. 27.
    Paulson, R.A., Weber, J.E.: Cyberextortion: an overview of distributed denial of service attacks against online gaming companies. Issues in Information Systems VII(2) (2006) Google Scholar
  28. 28.
    Prolexic home page. Available online at, last visited: September 2011
  29. 29.
  30. 30.
  31. 31.
  32. 32.
  33. 33.
  34. 34.
  35. 35.
  36. 36.
    CERT Advisory CA-2003-04, MS-SQL Server Worm. Available online at:
  37. 37.
    Moore, D., Paxon, V., Savage, S., Shannon, C., Staniford, S., Weaver, N.: Inside the Slammer Worm. IEEE Security & Privacy (2003) Google Scholar
  38. 38.
    Microsoft Security Bulletin MS02-039. Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875). Available online at:
  39. 39.
    Government of Canada OCIPEP. Microsoft SQL Server 2000 Slammer Worm—Impact Paper (2003) Google Scholar
  40. 40.
    Lee, C.B., Roedel, C., Silenok, E.: In: Detection and Characterization of Port Scan Attacks, vol. 2004, San Diego, CA (2003) Google Scholar
  41. 41.
    Bro: an open source Unix based Network intrusion detection system (NIDS). (2010)
  42. 42.
    Snort: an open source network intrusion prevention and detection system (IDS/IPS). (2010)
  43. 43.
    Staniford, J.A.H.S., McAlerney, J.M.: Practical automated detection of stealthy portscans. In: Proceedings of the 7th ACM Conference on Computer and Communications Security (2000) Google Scholar
  44. 44.
    Aniello, L., Lodi, G., Baldoni, R.: Inter-domain stealthy port scan detection through complex event processing. In: 13th European Workshop on Dependable Computing (EWDC 2011) (2011) Google Scholar
  45. 45.
    OWASP page on Cross-site Scripting attacks,, last visited: September 2011
  46. 46.
    OWASP page on Cross-site Request Forgery attacks,, last visited: September 2011
  47. 47.
    Goodin, D.: Server-based botnet floods net with brutish SSH attacks. (accessed on 01/24/11) (2010)

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Mirco Marchetti
    • 1
  • Michele Colajanni
    • 1
  • Michele Messori
    • 1
  • Leonardo Aniello
    • 2
  • Ymir Vigfusson
    • 3
  1. 1.University of Modena and Reggio EmiliaModenaItaly
  2. 2.Dipartimento di Ingegneria Informatica, Automatica e Gestionale Antonio RubertiUniversità degli Studi di Roma “La Sapienza”RomaItaly
  3. 3.School of Computer ScienceReykjavík UniversityReykjavíkIceland

Personalised recommendations