Banks Bracing for Another Round of DDoS Attacks

Anthony Freed
By | December 18, 2012

Posted in: Banking DDoS Protection

Major U.S. banks are in for another round of Distributed Denial of Service (DDoS) attacks at the hands of Muslim extremist group Izz ad-Din al-Qassam Cyber Fighters, who vowed last week to renew their operations against the financial sector after having ceased attacks for nearly a month.

"The past week’s attacks, showed our ability in doing wideness attacks so efficiently and of course this is not all of the Izz ad-Din al-Qassam’s ability," the group stated in a Pastebin post. "The attacks will be persistent till eliminating injustice and stopping the insults to the prophet of mercy and removing the offensive film, and we are sure that we will reach to our goals."

The attacks last week targeted U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group and SunTrust – all of whom were previously targeted in the first round of the group's protest of a controversial YouTube video. HSBC, Ally, BB&T, Wells Fargo and Capital One have also been the subject of attacks, which began in mid-September.

"The attacks of this week will be as wide as previous week. The 5 major US banks will be attacked and we subsequently suggest that from now on they prepare their context of sorrowfulness to the customers of banks because of inaccessibility," the group stated.

The Financial Services Information Sharing and Analysis Center (FS-ISAC) issued an advisory warning institutions that the latest wave of DDoS attacks could be more severe than those conducted earlier, and that member organizations have been sharing data on the attacks in order to assist in defending against the tactic.

"Targeted institutions have been working together with members of the security community and with government partners to help defend against the attacks. Information pertaining to tactics and techniques has been shared among these parties and with the broader FS-ISAC membership. FS-ISAC has provided best practices to its members to mitigate risk from these types of attacks," FS-ISAC stated in the advisory.

"Financial institutions should ensure they have reviewed their distributed-denial-of-service detection and mitigation plans, as well as recent threat intelligence shared by and through the FS-ISAC. FS-ISAC is working with its members, its partners and government agencies to monitor this threat, share information and support members under attack," the memo advises.

Stephen Gates, Security Evangelist at Corero Network Security, notes that today’s traditional technologies like firewalls and IPS solutions were not designed to stop application layer DDoS attacks, and that many of the attackers know this. In fact, in some DDoS attacks, network disruptions may not even be the end goal, as the attackers may be seeking to create a diversion in order to penetrate a network and carry out a more serious attack. Gates says that in order to do that, they may actually target the network’s firewall.

“What organizations put in place to protect them actually is being used against them,” said Gates. “A new first line of defense has to be put in place to stop unwanted traffic before it hits the firewall and IPS – allowing those technologies to do the jobs they were built to do.”

Those concerned about their organization’s potential for exposure to DDoS attacks are encouraged to take a free DDoS preparedness assessment test, which provides a customized evaluation and subsequent recommendations based on answers to a short questionnaire. The DDoS assessment, which employs a series of analytical algorithms, can be conducted in a matter of minutes by following the instructions here:  DDoS Preparedness Test.

You May Also Be Interested In: