5 Banks Targeted for New DDoS Attacks

Hacktivist Group Warns of 'Widespread' Strikes

Izz ad-Din al-Qassam Cyber Fighters has announced the "second phase" of its hacktivist campaign, saying five major U.S. banks will be the victims of new distributed-denial-of-service attacks starting this week.

See Also: Live Webinar | App Defined, Autonomous and Delivered from the Cloud

U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group and SunTrust Banks are the latest targets, according to the group, which announced its plans in a Dec. 10 Pastebin posting.

"In [this] new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks," the group writes.

Each of these five banks suffered DDoS attacks during phase one of the hacktivist group's campaign, which ran roughly from mid-September to mid-October. During that period, the group claimed responsibility for attacks on 10 major banks. Each institution was warned ahead of time, but none was able to completely fend off the attacks, which caused online banking outages of varying lengths.

Reprisal Against Film

Starting in mid-September, DDoS attacks resulted in online outages at Bank of America, Chase Bank, Wells Fargo, PNC Bank, U.S. Bancorp, SunTrust, Regions Bank, HSBC Holdings, BB&T Corp. and Capital One.

In taking credit for these attacks, Izz ad-Din al-Qassam Cyber Fighters said the motivation was outrage related to a YouTube movie trailer deemed offensive to Muslims.

In its latest posting, the group repeats its vow to continue attacks until the U.S. removes the offensive video from the Internet.

"The implementing of these attacks is because of widespread and organized offends to Islamic spirituals and holy issues," the group says, adding "if this offended film is going to be eliminated from the internet, the belonging attacks also will be stopped."

Reducing Risks

Security experts say DDoS attacks are often used as tools of distraction to mask fraud in the background (see What to Do About DDoS Attacks). To reduce risk of DDoS takedown, experts advise banking institutions to:

Use appropriate technology, including cloud-based Web servers, which can handle overflow when high volumes of Web traffic strike;

Assess ongoing DDoS risks, such as through tests that mimic real-world attacks;

Implement online outage mitigation and response strategies before attacks hit;

Train staff to recognize the signs of a DDoS attack.

BITS, the technology division of the Financial Services Roundtable, offers a seven-point response plan that includes assessing security controls and communicating with customers (see Bank Attacks: 7 Steps to Respond). Specific steps include:

Review the software patch status of the network, and manage network bandwidth to minimize non-DDoS-attack related issues. Also, review ongoing strategies for patching IT systems.

Coordinate with ISPs and other service providers to implement traffic controls such as scrubbing, rate-limiting and source-blocking.

Ensure post-attack communications strategies include internal and external incident notification.

For more on responding to DDoS attacks, see this new webinar from Information Security Media Group: The New Wave of DDoS Attacks: How to Prepare and Respond.