New Threats Of Cyberattacks Against U.S. Banks

By Ken Presti
December 13, 2012    6:40 PM ET

An Islamic group believed to be responsible for a series of cyberattacks against U.S.-based banks and financial institutions appears poised to renew its attacks.

The cell known as the Izz ad-Din al-Qassam Cyber Fighters issued a statement on their Pastebin profile this week announcing the start of "Phase 2 Operation Ababil."

"In new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," reads the Pastebin post, which also alludes to various political issues impacting relations between Western nations and the Muslim world.

The statement specifically targeted U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services and SunTrust Banks. A spokesperson from U.S. Bank was quoted as saying that his institution had already been hit by a DDoS attack that was impacting online access to customer accounts. There are also unconfirmed reports that other financial institutions on the target list have sustained similar attacks with varying degrees of success.

"Some of the attacks look the same, but there are new types of attacks taking place as well," said Curt Wilson, research analyst with Arbor Networks. "There is also a new form of DNS attack in use. Sometimes DNS attacks use malformed packets, and those are easier to deal with. But, these look like legitimate DNS packets, which makes them more convincing. The main addition seems to be a new attack method that uses specially crafted DNS packets. These are not just script kiddies."

Although U.S. officials pointed to Iran as the likely source of the attacks, the group claims to be unaffiliated with any specific government.

"Most of these types of DDoS attacks have multiple components to them," said Stephen Gates, technology evangelist at Corero Network Security, a Hudson, Mass.-based vendor that specializes in thwarting DDoS attacks. "The first thing they do is launch a big volumetric attack. When the financial institution starts to respond by trying to block that attack in the cloud, they launch low-and-slow application layer types of DDoS attacks. These may be specially crafted packet types of attacks targeting session tables, for example. With the full breadth of the attack, it becomes very difficult to defend against everything."
