SunTrust and Regions Latest Victims in Denial of Service Attacks

By Anthony Freed | October 12, 2012

Posted in: Network Security Trends

SunTrust Bank and Regions Bank are the latest targets in a series of Distributed Denial of Service (DDoS) attacks being claimed by an Islamic extremist group called Izz ad-Din al-Qassam Cyber Fighters, which made good on their October 8th threat to assail the institutions.

Earlier this week Capital One had confirmed the bank's website was experiencing intermittent outages due to a flood of traffic consistent with a DDoS attack, and previous targets in the ongoing campaign against American financial institutions over the last few weeks include Wells Fargo, US Bank, PNC, Bank of America, and JPMorgan Chase.

"We have seen increased online traffic today and experienced intermittent service availability of some online functions," SunTrust spokesman Michael McCoy was quoted as stating. No further details on the attack have been released. "We typically don't discuss security-related matters," McCoy explained.

In a posting on Pastebin attributed to the attackers, the group had threatened to unleash DDoS assaults against the websites of SunTrust on Wednesday and Regions on Thursday in protest of a now infamous YouTube video that has raised the ire of many in the Muslim world for its less than flattering portrayal of the Islamic prophet Mohammed.

While Izz ad-Din al-Qassam maintains that the attacks were wholly motivated by the controversial YouTube video, some security experts suspect that the attacks may be a diversionary tactic for a spear-phishing campaign designed to spread malware targeting financial account access credentials.

The speculation is tied to an alert jointly issued last month by the Financial Services – Information Sharing and Analysis Center (FS-ISAC), the FBI and the Internet Crime Complaint Center (IC3) warning of a coordinated operation by cybercriminal syndicates engaged in fraudulent wire transfers, though authorities have yet to confirm there is a connection.

Network-layer DDoS attacks are a popular tactic among hacktivists because they are generally low-tech and easy to carry out. The attacks typically employ a barrage of requests directed at a web server at a high frequency, which can cause disruptions and render the targeted website inaccessible.

Analyzing traffic can be a laborious undertaking, and reducing the volume of data to sift through with a first line of defense can prove advantageous in maintaining a robust network security stance.

"When we think Denial of Service (DoS) we tend to think of the headline grabbing DDoS attacks like those against a couple of major banks recently. But there is a lot of unwanted network traffic that is not just purely malicious," writes IT-Harvest's Richard Stiennon of innovative solutions available on the market, noting that a new first line of defense is needed to remove the unauthorized traffic before it hits the network, which is built on technology that wasn’t designed to handle these types of attacks.

Stiennon points to new technology that resides at the perimeter of the network. "Why not deploy an intelligent appliance behind the router and in front of the firewall? Filter out all the junk before you expend any resources in your firewall, or log all the events with your IDS/SIEM. Reduce your need for multiple servers and load balancers," he recommends.
