- Home
- Articles
Hacktivists Threaten More DDoS Attacks
Banking Institutions Warned to Look Out for Fraud
The hacktivist group Izz ad-Din al-Qassam Cyber Fighters, in a Feb 12 posting, warns that its distributed-denial-of-service attacks against U.S. banks and credit unions could resume soon. The group had announced on Jan. 29 a suspension of its attacks.
Security experts warned, even before the latest posting, that more DDoS attacks against banking institutions were likely, saying the hacktivist group's reasons for suspending the attacks seemed suspicious. Evidence also suggests the botnet used in the attacks continues to grow.
Related Content
- Fraud, Security at the Crossroads
- Defending Against 'Blitzkrieg' Trojan
- Why Organizations Fail to Encrypt
- Infosec: One Step Forward, One Step Back
- New Fraud Scheme Launched Via Chat
Related Whitepapers
- Business-Driven Identity and Access Management: A Buyer's Guide
- Business-Driven Identity and Access Management: Why This New Approach Matters
Rodney Joffe, a senior technologist for online security provider Neustar Inc., says the botnet has likely already been used against other industries in other global markets. And other security experts agree the attacks eventually could be used to conceal fraud.
As a result, banking institutions, as well as other organizations with a significant online presence, need to stay vigilant and committed to DDoS prevention.
The Office of the Comptroller of the Currency late in 2012 recommended that banks:
- Prepare for DDoS attacks by having sufficient staffing in place;
- File suspicious activity reports if DDoS attacks affect critical information, including customer account details, or if damage occurs to critical banking systems;
- Conform to the Federal Financial Institutions Examination Council's updated authentication guidance and implement layers of security;
- Provide accurate and timely communication to customers or members regarding website problems, risks and precautions.
Mixed Messages
On Jan. 29, Izz ad-Din al-Qassam CyberFighters announced plans to suspend its attacks against U.S. banks, citing as the reason the removal of YouTube's most popular link to a video deemed offensive to Muslims (see Hacktivists Suspend DDoS Attacks).
But in its latest Pastebin post, the hacktivist group says that unless other links to the video also are quickly removed, U.S. banking institutions are at risk of a resumption of attacks.
"We warn again that, remove the film copies till there is time and do not harden the situation for yourself and banks' online users," the group's post states.
New Attacks Anticipated
Many in the industry expected the suspension of attacks to be short-lived.
"Now is not a time for anyone to let their guard down simply because [hacktivists] said they've 'called off' the attacks," says a security officer at a midwestern community institution, who asked to remain anonymous. "In my mind, it just tells me they're planning something even bigger and more damaging."
Financial fraud consultant Al Pascual, an analyst with Javelin Strategy & Research, notes: "The industry should remain guarded, but other industries should take note, as Izz ad-Din al-Qassam could potentially change their primary target after sharpening their teeth on the financial industry."
Joffe of Neustar says evidence suggests the botnet already has been used in attacks beyond those striking U.S. banking institutions.
"The attacks against the banks started on Sept. 18," Joffe says. "However, we already saw the same malware being spread through an attack on Aug. 19. It's almost like an attack that's looking for a purpose. The video seems to have provided that purpose."
Joffe claims the same botnet used in recent DDoS campaigns against the U.S. financial sector was used in earlier attacks waged against different industries in different countries, although he declined to elaborate on the details.
The hacktivists' two attack campaigns against banks "all could just be a way of demonstrating the size and the capability of the botnet," he adds.
The sporadic nature of the attacks suggests criminal organizations are behind them, or that the hacktivists are more interested in leasing their botnet for profit than they are in making a political statement, he contends.
"It is quite possible that the controllers of the botnet are in business, and not notionally connected with the ultimate attackers, and are being paid by someone with a political motive," Joffe says.
- 1
- 2
Follow Tracy Kitten on Twitter: @FraudBlogger
Hacktivists on Christmas Day announced new plans for more DDoS attacks against U.S. banks, and it...
Latest Tweets and Mentions
Hacktivists on Christmas Day announced new plans for more DDoS attacks against U.S. banks, and it...
The ISMG Network
-
Webinar
Risk Assessment for EHR Meaningful Use: Methodologies and Processes
-
Article
GAO Sees Vulnerabilities in IRS Systems
Auditor: Parts of IRS Infosec Program Haven't Function as Intended
-
Interview
BITS on Top Fraud Threats to Banks
New Fraud Prevention VP on Latest Trends, Strategies
-
Article
HHS Audits: How to Prepare
Experts Explain Evidence to Gather, Steps to Take
-
Article
Cyber Commander Addresses DDoS
Says It's Not Government's Role to Defend Banks
-
Article
DDoS Attacks Spread Beyond Banking
U.S. Electric Utility Suffers Outage as Bank Strikes Continue
-
Interview
Risk Analysis: Avoiding Mistakes
Insights on the Right Steps to Take
-
Interview
Organized Crime: Threat to Health Data
Expert Discusses Emerging Cyberthreats
-
Article
DDoS: Preparing for New Attacks
Institutions Should Focus on Enhancements, New Defenses
-
Interview
HIPAA Audits: A Status Report
OCR's McAndrew Offers an Update