Capital One has confirmed they are the latest victim in a series of Distributed Denial of Service (DDoS) attacks which have been plaguing the financial sector for several weeks, all of which are being claimed by an Islamic extremist group called Izz ad-Din al-Qassam Cyber Fighters .
The attacks have caused varying periods of disruption affecting websites primarily used for online banking and other customer activities, and previous targets in the campaign include Wells Fargo, US Bank, PNC, Bank of America, JPMorgan Chase, and the New York Stock Exchange.
"Capital One is experiencing intermittent access to some online systems due to a denial of service attack. All other channels are working properly. We are working to restore all online service as soon as possible," Capital One spokeswoman Pam Girardo stated.
According to a posting in Pastebin attributed to the attackers, the group plans to unleash similar DDoS assaults against the websites of SunTrust Bank on Wednesday and Regions Financial on Thursday.
Network-layer DDoS attacks employ a large number of requests which are sent to a web server at such high frequency that they overwhelm the server's processing capacity and cause the system to reset or shut down, rendering the targeted website inaccessible.
Last month the Financial Services – Information Sharing and Analysis Center (FS-ISAC), the FBI and the Internet Crime Complaint Center (IC3) jointly published an alert warning of an uptick in the targeting of financial institution network access credentials for the purpose of conducting fraudulent wire transfers.
The authorities, as well as some security experts, suspect that the recent spate of DDoS attacks may be a diversionary tactic for a spear-fishing campaign designed to spread malware used for acquiring account login information.
It is unclear at this point whether the latest attacks are connected to the instances of wire fraud identified by the FBI, and the hacktivists have denied involvement with any attempts to pilfer funds from the targeted institutions, stating in the Pastebin post: "It is necessary to mention that the Izz ad-Din al-Qassam group has no relation with recent Trojan-based attacks which aims the people's electronic money transfers."
- About Corero
- Investor Relations
- News Room
- Executive Management Team
- Corero Offices
- Contact Us