U.S. Banks Back Under DDoS Fire

After a hiatus of less than six weeks, attackers have resumed their distributed denial-of-service attacks against U.S. financial institutions.


Last week, the cyber-group calling itself Izz ad-Din al-Qassam Cyber Fighters threatened to launch a new wave of attacks against banks this week. “During running Operation Ababil Phase 3, like previous phases, a number of American banks will be hit by denial-of-service attacks three days a week on Tuesday, Wednesday, and Thursday during working hours,” according to a post on text-sharing site Pastebin.

The warning came after a series of attacks targeted Bank of America, PNC Bank, CapitalOne, Zions bank, 5/3, Inionbank, Comerica, Citizenbank, Peoples, UFCU, Patelco, “and others,” on Feb. 25. Yesterday and today, customers of PNC Bank, Wells Fargo, Citibank, Bank of America, and a number of other banks reported being unable to access their bank Websites and online banking pages, according to information compiled by

While the attackers initially targeted some of the largest financial institutions in the U.S., mid-tier institutions, community banks, and credit unions were also targeted in late January.

The same group had claimed responsibility for the earlier round of DDoS attacks that targeted U.S. banks in the second half of last year. Those attacks had been unprecedented in size, sending upwards of 80 Gb/sec to 100 Gb/sec of traffic against the banking infrastructure. Previously, attacks traditionally topped out at 10 GB/sec. The attackers had also combined multiple attack techniques, making it harder for defenders to successfully filter out the malicious traffic.

Financial institutions need to take the attacks seriously and step up their defenses against this new class of attacks, Marty Meyer, president of Corero Network Security, told SecurityWeek. DDoS attacks are no longer just simple flooding attacks; attackers are increasingly targeting the application layer and consuming server resources, Meyer said.

Radware researchers discovered back in October that the attackers were using automated toolkits such as itsoknoproblembro to launch their attacks. Researchers also identified a handful of Web servers the attackers had compromised and were using to launch high-volume attacks. The compromised Web servers meant the attackers had a big broadband pipe to overwhelm target sites.

In a report released late January, Gartner analyst Avivah Litan forecast that 25 percent of all DDoS attacks will attack the application layer. Application attacks are generally more complicated and harder to defend against than typical flooding attacks.

“A new class of damaging DDoS attacks and devious criminal social-engineering ploys were launched against U.S. banks in the second half of 2012, and this will continue in 2013 as well-organized criminal activity takes advantage of weaknesses in people, processes and systems,” Litan said back in January when the report was released.

All the financial institutions hit in the previous wave of attacks claimed customer data was not impacted and no fraudulent activity had been detected. As soon as the attacks ended, the sites were back online without any further issues.

The fact that the same banks were getting hit in each wave and were still being affected shows that financial institutions are still trying to catch up and figure out how to defend their networks from these kinds of attacks, Meyer said. Even the attackers may be a little surprised that their campaigns continue to work, Meyer said.

The National Credit Union Administration issued an alert on Feb. 21 warning financial institutions that DDoS attacks are often used to distract IT teams from noticing fraudulent transactions or the theft of customer information. The NCUA recommended banks conduct ongoing assessments and add DDoS mitigation strategies to their incident response programs. Bank of the West was hit by a different DDoS attack in December and over $900,000 was drained from an account, according to a report by Brian Krebs on Krebs on Security.

“Credit unions should voluntarily file a Suspicious Activity Report if an attack impacts Internet service delivery, enables fraud, or compromises member information,” the NCUA said in its alert.
