Big Banks Hit With Denial of Service Attacks
First it was Bank of America, whose website appeared to slow to a crawl as it was hit with a so-called Distributed Denial of Service attack, and now the same maladies appear to have afflicted Chase.
In response, FS-ISAC, the Financial Services Information Sharing and Analysis Center, has raised its Cyber Threat Level from “Elevated” to “High” as the organization reported has “credible intelligence regarding the potential for DDoS and other cyber attacks against financial institutions.”
DDoS essentially is a hacker exploit that revolves around saturating a target site with an avalanche of meaningless requests that, by their volume, paralyze the site, making it unavailable to its intended users.
Exactly who is behind the recent DDoS attacks on big banks is unclear. Some organizations put the blame on Islamic extremist groups while others suggest the bad actors are traditional cyber criminals.
Either way, FS-ISAC has warned its members that the present times are perilous and require extra diligence. Said the organization: “Members should maintain a heightened level of awareness, apply all appropriate updates and update AV [anti-virus] and IDS/IPS [Intrusion Prevention Systems/Intrusion Detection Systems] signatures, and ensure constant diligence in monitoring and quick response to any malicious events.”
Noteworthy is that, in the recent FBI warning about cyber criminals seeking to hack into financial institution employees’ computers, the FBI specifically raised the possibility of criminals using DDoS to advance their crimes.
Wrote the FBI: “In some of the incidents, before and after unauthorized transactions occurred, the bank or credit union suffered a distributed denial of service (DDoS) attack against their public website(s) and/or Internet banking URL. The DDoS attacks were likely used as a distraction for bank personnel to prevent them from immediately identifying a fraudulent transaction, which in most cases is necessary to stop the wire transfer.”
It is not presently clear whether the most recent DDoS attacks against the nation’s big banks have any connection to that earlier warning.