4 Banks Respond to DDoS Threats

PNC Uses Social Media, Website to Forewarn Customers

The day after Izz ad-Din al-Qassam Cyber Fighters announced plans to launch a second wave of distributed-denial-of-service attacks on five U.S. banks, SunTrust suffered intermittent outages and Bank of America and PNC said small numbers of their customers reported having trouble accessing their sites. But it remained unclear whether the problems were the result of an attack.


U.S. Bank, which did not suffer any known outages or access issues, did, however, acknowledge that new attacks could be on the way.

On Dec. 11, PNC used social media to warn consumers that site outages should be expected, but that account and online-banking credentials would remain secure. And one expert was advising banks to expect the worst, saying Izz ad-Din al-Qassam Cyber Fighters' second wave of attacks would likely be more fierce than the first.

The online-monitoring site websitedown.com reported that at about noon ET on Dec. 11, SunTrust Banks' website suffered intermittent outages. But SunTrust executives declined to comment on the nature of the outages.

BofA spokesman Mark Pipitone said that while BofA's site suffered no overall outages, an isolated number of online-banking users reported problems accessing the site. "We're aware of the reports of possible cyberattacks, and we're monitoring our systems, which are fully operational," Pipitone said in the early evening of Dec. 11.

PNC spokeswoman Amy Vargo said some PNC customers may have experienced intermittent difficulty logging in on their first attempts. "We are aware of the situation and working to restore full access," she said during the early evening of Dec. 11. "We are focused on minimizing disruption to our customers and will review the cause of this incident once full access is restored."

And U.S. Bank spokesman Tom Joyce told the Minneapolis/St. Paul Business Journal that the bank is "taking all necessary steps" to prepare for more attacks. "It's important to note that these denial-of-service attacks are designed to slow down banks' websites and create a nuisance for consumers," Joyce said. "Customers can be assured that their data and funds are secure."

The hacktivist group Izz ad-Din al-Qassam Cyber Fighters named SunTrust, U.S. Bancorp, JPMorgan Chase, Bank of America and PNC Financial Services Group as targets for its next wave of DDoS attacks.

The group, in a Dec. 10 post on Pastebin, announced plans for what it portrays as "Phase 2 Operation Ababil" - a second campaign of attacks waged against leading U.S. banks to protest a YouTube movie trailer deemed offensive to Muslims.

All five banks were targets - along with Wells Fargo, Capital One, Regions Bank, BB&T and HSBC - during the first wave of DDoS attacks, which ran from mid-September to mid-October. During that period, each bank's website suffered intermittent outages of varying degrees. CapOne was the only institution targeted twice in the first wave (see CapOne Takes Second DDoS Hit).

PNC's Communications Stand Out

On Dec. 11, three of the five newly targeted banks were remaining quiet, declining to comment about the threat and steps they were taking, if any, to communicate with consumers about the expectation of more attacks.

BofA acknowledged isolated reports from consumers who had difficulty logging in. PNC, however, the only bank to publicly outline details surrounding the DDoS attack it suffered in the first wave, immediately took steps to notify the public of the possibility of a second attack.

Through Dec. 11 posts on the social-networking sites Facebook and Twitter, PNC forewarned online-banking customers that outages should be expected.

"This potential threat could result in high volume of electronic traffic that may make it difficult for our customers to log onto online banking," the bank stated on its Facebook page and website. "Please be assured that PNC's website is protected by sophisticated encryption strategies that shield customer information and accounts. We have no information regarding timing, duration or intensity of this potential threat. Please continue to follow our page for additional updates."

Fiercer Attacks Ahead?

Why these five banks have been targeted for a second attack is not clear. But DDoS expert John Walker, who also serves as the chairman of ISACA's Security Advisory Group in London, says banks should expect the new attacks to be more fierce than the first, as the hacktivists promised in their Dec. 10 post.

"By showing the game can be taken to ever-increasing levels starts to focus the mind of the victim organizations as to their frailty," Walker says. "They [the hacktivists] are, I believe, demonstrating their power."

Walker says banks learned valuable lessons during the first wave, which will provide them with tools to better prepare this time around. But they should not be overly confident in their abilities to stave off outages.

"This style of attack has not even matured yet, and there is more to come," he says. "The time has arrived for ... more techno-savvy security - and more honesty in the boardroom - as to real-time security exposure before the event, not just after it has impacted the business."

For more on responding to DDoS attacks, see this new webinar from Information Security Media Group: The New Wave of DDoS Attacks: How to Prepare and Respond.