- Home
- Articles
Hacktivists Threaten More DDoS Attacks
Banking Institutions Warned to Look Out for Fraud
The hacktivist group Izz ad-Din al-Qassam Cyber Fighters, in a Feb 12 posting, warns that its distributed-denial-of-service attacks against U.S. banks and credit unions could resume soon. The group had announced on Jan. 29 a suspension of its attacks.
Security experts warned, even before the latest posting, that more DDoS attacks against banking institutions were likely, saying the hacktivist group's reasons for suspending the attacks seemed suspicious. Evidence also suggests the botnet used in the attacks continues to grow.
Related Content
- GAO Calls for New Cybersecurity Strategy
- New Bank Attacks Expected Today?
- New Trojan Exploits Mobile Channel
- Staffing Crisis: What to Do About it
- Why Banks Can Expect More Attacks
Related Whitepapers
- Fighting Banking Fraud Without Driving Away Customers
- Simplifying Employees Investigations
- DDoS Attacks: How to Reduce Your Risks
- Detect Monitoring Service: The Art of Rapidly Detecting and Eliminating Phishing Threats
- The Threat Within: The Case for Zero Trust Access Control
Rodney Joffe, a senior technologist for online security provider Neustar Inc., says the botnet has likely already been used against other industries in other global markets. And other security experts agree the attacks eventually could be used to conceal fraud.
As a result, banking institutions, as well as other organizations with a significant online presence, need to stay vigilant and committed to DDoS prevention.
The Office of the Comptroller of the Currency late in 2012 recommended that banks:
- Prepare for DDoS attacks by having sufficient staffing in place;
- File suspicious activity reports if DDoS attacks affect critical information, including customer account details, or if damage occurs to critical banking systems;
- Conform to the Federal Financial Institutions Examination Council's updated authentication guidance and implement layers of security;
- Provide accurate and timely communication to customers or members regarding website problems, risks and precautions.
Mixed Messages
On Jan. 29, Izz ad-Din al-Qassam CyberFighters announced plans to suspend its attacks against U.S. banks, citing as the reason the removal of YouTube's most popular link to a video deemed offensive to Muslims (see Hacktivists Suspend DDoS Attacks).
But in its latest Pastebin post, the hacktivist group says that unless other links to the video also are quickly removed, U.S. banking institutions are at risk of a resumption of attacks.
"We warn again that, remove the film copies till there is time and do not harden the situation for yourself and banks' online users," the group's post states.
New Attacks Anticipated
Many in the industry expected the suspension of attacks to be short-lived.
"Now is not a time for anyone to let their guard down simply because [hacktivists] said they've 'called off' the attacks," says a security officer at a midwestern community institution, who asked to remain anonymous. "In my mind, it just tells me they're planning something even bigger and more damaging."
Financial fraud consultant Al Pascual, an analyst with Javelin Strategy & Research, notes: "The industry should remain guarded, but other industries should take note, as Izz ad-Din al-Qassam could potentially change their primary target after sharpening their teeth on the financial industry."
Joffe of Neustar says evidence suggests the botnet already has been used in attacks beyond those striking U.S. banking institutions.
"The attacks against the banks started on Sept. 18," Joffe says. "However, we already saw the same malware being spread through an attack on Aug. 19. It's almost like an attack that's looking for a purpose. The video seems to have provided that purpose."
Joffe claims the same botnet used in recent DDoS campaigns against the U.S. financial sector was used in earlier attacks waged against different industries in different countries, although he declined to elaborate on the details.
The hacktivists' two attack campaigns against banks "all could just be a way of demonstrating the size and the capability of the botnet," he adds.
The sporadic nature of the attacks suggests criminal organizations are behind them, or that the hacktivists are more interested in leasing their botnet for profit than they are in making a political statement, he contends.
"It is quite possible that the controllers of the botnet are in business, and not notionally connected with the ultimate attackers, and are being paid by someone with a political motive," Joffe says.
- 1
- 2
Follow Tracy Kitten on Twitter: @FraudBlogger
DDoS attacks on banks have returned, and the attackers are changing their tactics. How must...
Latest Tweets and Mentions
DDoS attacks on banks have returned, and the attackers are changing their tactics. How must...
The ISMG Network
-
Webinar
Risk Assessment for EHR Meaningful Use: Methodologies and Processes
-
Article
GAO Sees Vulnerabilities in IRS Systems
Auditor: Parts of IRS Infosec Program Haven't Function as Intended
-
Article
Vulnerability Floors Vulnerability Site
NIST Needed a Week to Bring Website Back Online
-
Article
HHS Audits: How to Prepare
Experts Explain Evidence to Gather, Steps to Take
-
Interview
Risk Analysis: Avoiding Mistakes
Insights on the Right Steps to Take
-
Interview
Organized Crime: Threat to Health Data
Expert Discusses Emerging Cyberthreats
-
Interview
HIPAA Audits: A Status Report
OCR's McAndrew Offers an Update
-
Interview
Cleveland Clinic: Assessing Risks
InfoSec Director Outlines 2013 Strategy
-
Article
Analyzing Health Data Breach Trends
Fewer Individuals Affected in 2012; What's Ahead for 2013?
-
Whitepaper
Business-Driven Identity and Access Management: Why This New Approach Matters