- Home
- Articles
Hacktivists Threaten More DDoS Attacks
Banking Institutions Warned to Look Out for Fraud
The hacktivist group Izz ad-Din al-Qassam Cyber Fighters, in a Feb 12 posting, warns that its distributed-denial-of-service attacks against U.S. banks and credit unions could resume soon. The group had announced on Jan. 29 a suspension of its attacks.
Security experts warned, even before the latest posting, that more DDoS attacks against banking institutions were likely, saying the hacktivist group's reasons for suspending the attacks seemed suspicious. Evidence also suggests the botnet used in the attacks continues to grow.
Related Content
- New Bank Attacks Expected Today?
- House Panel: 2 Chinese Firms Pose IT Security Risks
- Facebook Hack: What the Breach Tells Us
- Incident Response: Gathering the Facts
- Bashas' Breach Exposes Security Flaws
Rodney Joffe, a senior technologist for online security provider Neustar Inc., says the botnet has likely already been used against other industries in other global markets. And other security experts agree the attacks eventually could be used to conceal fraud.
As a result, banking institutions, as well as other organizations with a significant online presence, need to stay vigilant and committed to DDoS prevention.
The Office of the Comptroller of the Currency late in 2012 recommended that banks:
- Prepare for DDoS attacks by having sufficient staffing in place;
- File suspicious activity reports if DDoS attacks affect critical information, including customer account details, or if damage occurs to critical banking systems;
- Conform to the Federal Financial Institutions Examination Council's updated authentication guidance and implement layers of security;
- Provide accurate and timely communication to customers or members regarding website problems, risks and precautions.
Mixed Messages
On Jan. 29, Izz ad-Din al-Qassam CyberFighters announced plans to suspend its attacks against U.S. banks, citing as the reason the removal of YouTube's most popular link to a video deemed offensive to Muslims (see Hacktivists Suspend DDoS Attacks).
But in its latest Pastebin post, the hacktivist group says that unless other links to the video also are quickly removed, U.S. banking institutions are at risk of a resumption of attacks.
"We warn again that, remove the film copies till there is time and do not harden the situation for yourself and banks' online users," the group's post states.
New Attacks Anticipated
Many in the industry expected the suspension of attacks to be short-lived.
"Now is not a time for anyone to let their guard down simply because [hacktivists] said they've 'called off' the attacks," says a security officer at a midwestern community institution, who asked to remain anonymous. "In my mind, it just tells me they're planning something even bigger and more damaging."
Financial fraud consultant Al Pascual, an analyst with Javelin Strategy & Research, notes: "The industry should remain guarded, but other industries should take note, as Izz ad-Din al-Qassam could potentially change their primary target after sharpening their teeth on the financial industry."
Joffe of Neustar says evidence suggests the botnet already has been used in attacks beyond those striking U.S. banking institutions.
"The attacks against the banks started on Sept. 18," Joffe says. "However, we already saw the same malware being spread through an attack on Aug. 19. It's almost like an attack that's looking for a purpose. The video seems to have provided that purpose."
Joffe claims the same botnet used in recent DDoS campaigns against the U.S. financial sector was used in earlier attacks waged against different industries in different countries, although he declined to elaborate on the details.
The hacktivists' two attack campaigns against banks "all could just be a way of demonstrating the size and the capability of the botnet," he adds.
The sporadic nature of the attacks suggests criminal organizations are behind them, or that the hacktivists are more interested in leasing their botnet for profit than they are in making a political statement, he contends.
"It is quite possible that the controllers of the botnet are in business, and not notionally connected with the ultimate attackers, and are being paid by someone with a political motive," Joffe says.
- 1
- 2
Follow Tracy Kitten on Twitter: @FraudBlogger
John Stewart, chief security officer at network provider Cisco, says too many organizations develop...
Latest Tweets and Mentions
John Stewart, chief security officer at network provider Cisco, says too many organizations develop...
The ISMG Network
-
Webinar
Vendor Management Part II: Assessing Vendors - the Do's and Don'ts of Choosing a Third-Party Service Provider
-
Article
GAO Sees Vulnerabilities in IRS Systems
Auditor: Parts of IRS Infosec Program Haven't Function as Intended
-
Article
HHS Audits: How to Prepare
Experts Explain Evidence to Gather, Steps to Take
-
Interview
Risk Analysis: Avoiding Mistakes
Insights on the Right Steps to Take
-
Interview
Developing Information Superiority
Gaining an Information Advantage to Counter the Cyber-Threat
-
Interview
HIPAA Audits: A Status Report
OCR's McAndrew Offers an Update
-
Interview
Formalizing Cyber-Physical Security
Center for Internet Security Creates Integrated Intelligence Center
-
Interview
Cleveland Clinic: Assessing Risks
InfoSec Director Outlines 2013 Strategy
-
Article
New DDoS Warning Issued by Regulator
Second Alert Recommends Defensive Steps
-
Article
GAO Calls for New Cybersec Strategy
White House: No Need for Yet Another Strategy