HOLLYWOOD, FL – (May 8, 2012) – Prolexic, the global leader in Distributed Denial of Service (DDoS) protection services, announced today that it has mitigated several DDoS attacks against a URL used by online merchants for payment processing.
The payment processing platform is owned by IPG Holdings Limited, an independent, privately-owned technology company that specializes in the development, maintenance, and support of enterprise payment gateways delivered through Software-as-a-Service (SaaS). IPG hosts payment forms for some large direct merchants and payment service providers and these front-facing forms have been vulnerable to DDoS attacks.
“DDoS attackers are constantly finding new ways to modify bots to infiltrate online businesses and wreak havoc by disrupting the processing of customer transactions,” said Neal Quinn, chief operating officer at Prolexic. “IPG is another example of the increasing sophistication of DDoS attacks, which reinforces the need for DDoS protection for all e-Commerce providers.”
In the case of IPG, the attackers’ bots picked up the IPG payment processing URL and included it in an attack on multiple merchant sites. At first, IPG mitigated these attacks by blackholing the IP address of the payment form, which had come under attack. However, this meant that a merchant's ability to process payments ceased immediately, causing serious disruptions in revenue flow and financial losses for their suppliers.
Using more than 20 proprietary and commercial mitigation tools, Prolexic technicians quickly identified two attacks on the payment platform URL. The first was an 8-hour GET Flood, which peaked at 350 Mbps and 380,000 packets-per-second (pps). As that attack was mitigated, the attackers ramped up their efforts, launching a multi-vector attack consisting of a GET Flood, UDP Fragment, and RESET Flood, which peaked at 200 Mbps, 50,000 pps and 4.5 million connections per second. This attack lasted for over 3 days before the attackers gave up after every attack signature change was immediately thwarted in real time by Prolexic’s technicians.
Today, IPG collaborates with Prolexic to offer merchants a DDoS-protected payment form URL, which IPG manages on behalf of the merchant as part of its service offering. This protection has been put in place for all IPG merchants/customers who have come under DDoS attack to date.
“As part of our DDoS protection strategy, IPG is proactively offering the form-based service offering and referring larger merchants to the Prolexic service to protect their front end sites as well,” says Alan Conder, chief executive officer at IPG. “With DDoS threats becoming more sophisticated, I would suggest to other online businesses to have a pre-planned strategy in place so they have pre-meditated steps they can take to deal with an attack if or when it arises.”
To learn more, read the full case study at www.prolexic.com/ipg.
Prolexic is the world’s largest, most trusted Distributed Denial of Service (DDoS) mitigation provider. Able to absorb the largest and most complex attacks ever launched, Prolexic restores mission-critical Internet-facing infrastructures for global enterprises and government agencies within minutes. Ten of the world’s largest banks and the leading companies in e-Commerce, SaaS, payment processing, travel/hospitality, gaming and other at-risk industries rely on Prolexic to protect their businesses. Founded in 2003 as the world’s first in-the-cloud DDoS mitigation platform, Prolexic is headquartered in Hollywood, Florida and has scrubbing centers located in the Americas, Europe and Asia. To learn more about how Prolexic can stop DDoS attacks and protect your business, please visit www.prolexic.com, follow us on LinkedIn, Facebook and Google+ or follow @Prolexic on Twitter.