Major Banks Fend Off Barrage Of DDoS Attacks

Printer-friendly version Email this CRN article

Major financial institutions throughout the Western world have been fending off a series of cyber attacks believed to be coming from the Middle East where hacktivists, and potentially governmental entities, are retaliating against developments such as diplomatic pressure against the Iranian nuclear program as well as the anti-Islamic film deemed insulting to Muslims.

A series of DDoS attacks have been launched against a variety of banks, including Bank of America, Citigroup, J.P. Morgan Chase, PNC, U.S. Bank and Wells Fargo. The attacks are believed to be the most extensive use of DDoS ever seen

On Sept. 19, the Financial Services Information Sharing and Analysis Center (FS-ISAC) set its threat level to "High" and issued a statement that said, "Issues of concern include recent credible intelligence regarding the potential for DDoS and other cyber attacks against financial institutions. Members should maintain a heightened level of awareness and apply all appropriate updates, particularly for the Microsoft out-of-band bulletin for Internet Explorer and Cisco security advisory releases. Update AV and IDS/IPS signatures and ensure constant diligence in monitoring and quick response to any malicious events."

[Related: Iran Denies Claim of DoS Attacks Against Banks]

The attacks began very shortly thereafter. The DDoS attacks flooded the networks of several of the institutions, occasionally causing interruptions in online services. Whether any long-term damage has resulted from this onslaught remains to be seen.

"Years ago hacking was a very specialized skill, but now it has become highly commoditized," said Harry Sverdlove, CTO of Bit9, a Waltham, Mass.-based security vendor. "Moore's law almost applies to cyber attacks, in a way. Every 24 months we see the level of sophistication double because the criminals are sharing techniques. So a denial of service is as simple as downloading a small utility that is highly available on a lot of different websites. So now you can take down a large website with a minimum of capabilities and expertise."

Aside from the technical components, other industry experts say the geopolitical situation has opened up the United States to cyber attacks based on previous actions of the US government.

"Our role in Stuxnet opens up Pandora's box," said Paul Henry, a security and forensic analyst at Lumension. "We've basically said that a cyber attack is equivalent to an act of war and could be met with any military response from the United States. Then people in glass houses probably should not throw rocks like Stuxnet," he said, referring to the Stuxnet worm, a weaponized piece of malware used to attack the Iranian nuclear program, beginning in 2010.

Those attacks are widely believed to have come from either Israel or the U.S. "Any third world country with a grudge against the United States and an Internet connection now believes, by example from the United States, that it is acceptable to promote your political viewpoint by launching a cyber attack," said Henry. "We did it. Why should we expect that they would not?"

NEXT: Who Fired The First Shot?

Printer-friendly version Email this CRN article