SecurityWeek

Network Security

New DDoS Attacks Slam US Banks, Attackers Say Worst Is Yet To Come

After an almost one-month hiatus, five U.S.-based banks, U.S. Bancorp, JPMorgan Chase, Bank of America, PNC Financial Services Group, and SunTrust, are again being targeted by a series of denial of service (DoS) attacks.

In a Pastebin message posted on Monday, a hacker group called Izz ad-Din al-Qassam Cyber Fighters warned it would launch a series of distributed denial of service (DDoS) attacks against U.S. financial institutions this week, and named U.S. Bancorp, JPMorgan Chase, Bank of America, PNC, and SunTrust as its targets. Users started reporting problems accessing banking websites Tuesday evening, and some sites were still intermittently inaccessible on Wednesday afternoon.

Users started reporting that Bank of America’s website was not loading on Tuesday morning, and the problems continued until about 3pm Eastern on Wednesday, according to Sitedown.co. The site websitedown.com reported intermittent outages at SunTrust’s site around noon on Tuesday. PNC took to Facebook and Twitter to keep customers informed of the attacks.

“PNC and other banks have experienced an unusual volume of internet traffic. As a result, some customers may experience slowness or difficulty when logging into online and mobile banking. We are working to resolve this issue as quickly as possible. Please continue to follow our page for additional updates. We apologize for the inconvenience and appreciate your patience,” PNC posted on its Facebook page Tuesday evening.

Customers were still reporting issues late Wednesday afternoon, but the site seemed to be returning to normal by the evening. There were no outage reports on Sitedown.co for US Bank, JPMorgan Chase or SunTrust as of this time.

“This new wave of attacks just picks up right where they left off,” Stephen Gates, technology evangelist at Corero Network Security, told SecurityWeek.

The attackers are showing no signs of backing down, and—by publicly declaring their targets—are apparently becoming more emboldened, Gates said.  In the Pastebin message, the group promised even more severe attacks.

“In [the] new phase, the wideness and the number of attacks will increase explicitly; and offenders and subsequently their governmental supporters will not be able to imagine and forecast the widespread and greatness of these attacks,” the group wrote.

The attacks are evolving from high volume flood assaults to intricate application layer attacks, Gates said.

The group claimed responsibility for the first wave of attacks which affected ten financial institutions back in September and October. HSBC, Ally, BB&T, Wells Fargo and Capital One were also hit in the initial attacks but appear to not be targeted in the latest round.  All five banks in the current attacks were also targeted in the first series. An analysis by Radware found that the group was using compromised servers to launch DDoS attacks. Since servers in data centers generally have bigger bandwidth, the attacks were large enough to overwhelm network defenses.

The fact that some of the banks took to social media to warn customers about potential attacks this time around was “a sure sign that these hacktivists are beginning to hit a nerve,” Gates said.

DDoS attacks are getting larger and more serious, to the point where Arbor Networks last month speculated about the possibility of a “DDoS Armageddon”—a distributed denial of service attack so big that it would take down the entire Internet. While many security experts dismissed the possibility as being highly unlikely, they acknowledged that the current waves of attacks are lasting longer and causing more damage. The first wave of attacks against the banks reached 100 Gbps, where just 5 to 10 Gbps is usually enough to take a site down, Jason Lewis, chief scientist at Lookingglass Cyber Solutions, said.

“DDoS attacks have the power to take down organizations for long amounts of time,” Ziv Gadot, senior security analyst for Radware, told SecurityWeek at the time.

“Financial institutions must up their game,” Gates said.
