The bad news: yet more U.S. banks are falling victim to so-called Distributed Denial of Service attacks that flood websites with extraneous data, essentially overwhelming their ability to respond to legitimate inquiries.
U.S. Banccorp on Thursday joined a list of DDoS victims that includes Citigroup, Wells Fargo, JPMorgan Chase and Bank of America.
The good news: the attacks have done no damage to the banks’ IT infrastructure, said experts.
The attacks have been claimed by Fizz ad-Din al-Assam Cyber Fighters, an Islamic group that said it is taking down banks in protest of a short, anti-Islam film that has provoked rioting and violent protests in many Islamic countries.
That group has posted authorship claims on Pastebin, a website often used by hackers to announce their actions.
Experts do not necessarily believe those claims, but they do not say they are false, either. Nobody currently knows who, or what, is behind the attacks.
To date, no credit unions have indicated that they have been victimized. However, experts told Credit Union Times that the list of financial institutions that have suffered attack is in fact larger than the list of those that have publicly acknowledged they have been victimized
Jeffrey Lyon, president of Los Angeles security firm Black Lotus, said in an interview that the actual hackers who have conducted the attacks may be for-hire cyber criminals without any particular ideology.
Their skills, he said, are increasingly available for purchase. This makes tracking down exactly who is behind a specific attack that much harder.
Matters may get still worse is the message from Matthew Prince, CEO of CloudFlare, a San Francisco-based security company. He said, “The attacks have been getting more sophisticated.” Defenders have had to significantly up their game, according to Prince.
Prince added that “this appears to be a systematic attack on the nation’s financial system. They appear to be probing smaller institutions now. This has the feel of someone working down a list, looking for weaknesses.”
Prince’s message: no financial institution should believe it is safe from attack. The next phase is presently unknown.