New Threats Of Cyberattacks Against U.S. Banks6:40 PM EST Thu. Dec. 13, 2012
An Islamic group believed to be responsible for a series of cyberattacks against U.S.-based banks and financial institutions appears poised to renew its attacks
The cell known as the Izz ad-Din al-Qassam Cyber Fighters issued a statement on their Pastebin profile this week announcing the start of "Phase 2 Operation Ababil."
"In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," reads the Pastebin post, which also alludes to various political issues impacting relations between Western nations and the Muslim world.
[Related: The 10 Biggest Security Stories Of 2012]
The statement specifically targeted U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services and SunTrust Banks. A spokesperson from U.S. Bank was quoted as saying that his institution had already been hit by a DDoS attack that was impacting online access to customer accounts. There are also unconfirmed reports that other financial institutions on the target list have sustained similar attacks with varying degrees of success.
"Some of the attacks look the same, but there are new types of attacks taking place as well," said Curt Wilson, research analyst with Arbor Networks. "There is also a new form of DNS attack in use. Sometimes DNS attacks use malformed packets, and those are easier to deal with. But, these look like legitimate DNS packets, which makes them more convincing. The main addition seems to be a new attack method that uses specially crafted DNS packets. These are not just script kiddies."
Although U.S. officials appointed to Iran as the likely source of the attacks, the group claims to be unaffiliated with any specific government.
"Most of these types of DDoS attacks have multiple components to them," said Stephen Gates, technology evangelist at Corero Network Security, a Hudson, Mass.-based vendor that specializes in thwarting DDoS attacks. "The first thing they do is launch a big volumetric attack. When the financial institution starts to respond by trying to block that attack in the cloud, they launch low-and-slow application layer types of DDoS attacks. These may be specially crafted packet types of attacks targeting session tables, for example. With the full breadth of the attack, it becomes very difficult to defend against everything."
NEXT: Defense in Depth
Gates of Corero Network Security added that it takes a multipronged approach in order to maximize your defensive posture. "You have to leverage the ISP as well as boutique anti-DDoS providers as well as on-premise solutions, like Corero," he said. "Once they fill the pipe, you've got to go upstream with on-premises technology that can defeat the low-and-slow application layer attacks. They also need to look at how to leverage different types of content distribution networks for their static content in order to further maximize their security."
Arbor Networks' Wilson agrees with the point, stressing the need for a multipronged approach.
"If you can get defenses synced up between on-premise and your provider, that's really helpful," he said. "Also it's important to harden the infrastructure. People running Web servers should make sure that they keep their PHP applications up to date. They're very exploitable if they're not up to date, and they can be used to get deeper into the data center."
Previous cyberattacks associated with the Islamic group targeted Bank of America and Wells Fargo, as well as the New York Stock Exchange. In some cases, the impacted networks suffered varying levels of service interruption for a period of days.
PUBLISHED DEC. 13, 2012