Along with huge companies, well-known brands, and popular websites, retail Forex brokers, especially MT4 ones, are also facing DDoS attacks daily.
Andrew Shoemaker, founder of DDoS testing company NimbusDDOS, has more than 20 years experience in the DDoS space. He’ll answer some of the most frequently asked questions that come to a broker’s mind when thinking of a DDoS attack and shed more light in the DDoS space.
LeapRate: What exactly is a DDoS attack?
A Distributed Denial of Service (DDoS) attack is a type of network attack intended to make an organization’s online resources unreachable to customers and legitimate users. Although these attacks have existed since the earliest days of the Internet, recent trends indicate the frequency of occurrence to be increasing at 100%-150% yearly.
LeapRate: Who is targeted by DDoS attacks?
All businesses can be targeted and impacted by DDoS attacks. In recent years, the media has reported on well-known brands such as Sony, Microsoft, Visa and Bank of America as being targeted and disrupted by DDoS attacks.
Below are some specific high-risk flags:
- High-risk industries (financial, healthcare, government, ecommerce, online media, gambling, adult entertainment)
- Business revenue is closely associated with online presence (example: e-commerce company)
- Businesses at risk of reputation damage
- Well-known brands are often targets of extortion
LeapRate: Why do these DDoS attacks happen in the first place?
The primary motivation for attacks on forex markets is simple extortion. In my observations this accounts for the majority of attacks seen in the wild. Since the broker provides a real-time platform for the buying and selling of currencies, they have the same high level of risk often seen in ecommerce websites. Simply put, if the service is unavailable, then the broker loses money, so the broker has a strong motivation to pay. Aside from extortion, another motivation is for a broker to launch a DDoS attack against a competitor. This is less common is large brokers, and heavily regulated jurisdictions.
LeapRate: What do forex brokers do in the first place to provoke these attacks?
I think its not so much about provocation, but rather that attackers view them as an easy target. Specifically the MT4 brokers likely all suffer from the same challenges because their platform is built upon the same software.
LeapRate: MT4 brokers are attacked quite often – How can forex brokers protect themselves?
The forex brokers tend to be more challenging to protect due to the design of the trading platform. Since you mentioned MT4, I’ll speak specifically about that. MT4 uses a proprietary communication protocol for the transmission of data between the trader and the broker. The issue with this is that most major cloud DDoS mitigation vendors are specifically built to protect the standard web protocols HTTP and HTTPS. The use of proprietary protocols specifically excludes many of these vendors. Additionally, since the communication between the trader and the broker is through an API, many of the common mitigation strategies used by mitigation vendors won’t work. For instance, a common strategy implemented by many mitigation vendors is to use a captcha, or a javascript challenge to separate legitimate traffic from bad. This isn’t possible with API traffic. Due to these limitations, most mitigation vendors will default to a simplistic source rate-limiting method which limits how much traffic can be sent from individual IP addresses. Forex brokers may be able to see some release by using on-premise DDoS mitigation hardware if their network connections are substantial. Alternatively, a cloud DDoS vendor that offers a BGP routed solution rather than a proxy solution may also work. The key to any solution selected is to test it for efficacy.