Financial Exchange Blitzed by Massive Memorial Day Cyber Attack

While most of America spent Monday celebrating the Memorial Day holiday, the website of one real-time financial exchange was bombarded by a gigantic cyber attack that is believed to be one of the largest distributed denial of service attacks in history.

Prolexic said it successfully deflected the global onslaught, which had a peak bandwidth of 167 gigabytes per second, the largest DDoS attack mitigated in the security firm’s 10-year history.

“This was a massive attack that made up in brute force what it lacked in sophistication,” Prolexic CEO Scott Hammack said in a statement on Thursday disclosing the attack.

Prolexic said no malicious traffic reached the exchange’s website and downtime was avoided. “In fact, the company wasn’t even aware it was under attack,” said Hammack.

DDoS attacks are fairly common cyber assaults that attempt to slow down or even block access to websites, frustrating businesses and customers alike.

While the Memorial Day attack was measured at 167 gbps, Prolexic said the average attack bandwidth stood at 48.25 gbps in the first quarter of 2013, up 691% year-over-year and 718% from the fourth quarter of last year.

Citing client confidentiality agreements, Prolexic wouldn’t say which exchange was targeted in the Monday attack, which occurred when major U.S. exchanges like Nasdaq OMX Group (NASDAQ:NDAQ) and NYSE Euronext’s (NYSE:NYX) New York Stock Exchange were closed for the holiday. Both exchanges have been targeted in the past by hackers.

Last month while detailing a massive cyber attack, Mt. Gox, the largest exchange used for transactions involving virtual currency Bitcoin, said its services are “protected by companies like Prolexic.”

Exchanges are considered high-profile targets due to the fact they often symbolize capitalism and offer attackers the prospect of manipulating markets.

There weren’t reports of any major attempted cyber attacks on Monday. Radware (NASDAQ:RDWR), another company that provides security services, said it had “no information” that supports the size of the attack spelled out by Prolexic.

While Prolexic refused to disclose the identity of the target exchange, it did say the attack was a DNS reflection attack, which seeks to exploit weaknesses in the Domain Name System Internet protocol.

The security firm also said the attack was distributed across its four cloud-based scrubbing centers in Hong Kong, London, San Jose and Ashburn, Va.

Hammack said he believes it’s “only a matter of time,” perhaps as early as the end of the second quarter, that DDoS attacks eclipse the 200 Gbps marker.