Last week, the cyber-group calling itself Izz ad-Din al-Qassam Cyber
Fighters, threatened to launch a new wave of attacks against banks this
week. "During running Operation Ababil Phase 3, like previous phases, a
number of American banks will be hit by denial-of-service attacks three
days a week on Tuesday, Wednesday, and Thursday during working hours,"
according to a post on text-sharing site Pastebin.

The warning came after a series of attacks targeted Bank of America, PNC
Bank, CapitalOne, Zions bank, 5/3, Inionbank, Comerica, Citizenbank,
Peoples, UFCU, Patelco, "and others," on Feb. 25. Yesterday and today,
customers of PNC Bank, Wells Fargo, Citibank, Bank of America, and a
number of other banks reported being unable to access their bank
Websites and online banking pages, according to information compiled by sitedown.co.

While the attackers initially targeted some of the largest financial
institutions in the U.S., mid-tier institutions, community banks, and
credit unions were also targeted in late January.

The same group had claimed responsibility for the earlier round of DDoS
attacks that targeted U.S. banks in the second half of last year. Those
attacks had been unprecedented in size, sending upwards of 80 Gb/sec to
100 Gb/sec of traffic against the banking infrastructure. Previously,
attacks traditionally topped out at 10 GB/sec. The attackers had also
combined multiple attack techniques, making it harder for defenders to
successfully filter out the malicious traffic.

Financial institutions need to take the attacks seriously and step up
their defenses against this new class of attacks, Marty Meyer,
president of Corero Network Security, told SecurityWeek. DDoS attacks
are no longer just simple flooding attacks; attackers are increasingly
targeting the application layer and consuming server resources, Meyer
said.

Radware researchers discovered back in October that the attackers were
using automated toolkits such as itsoknoproblembro to launch their
attacks. Researchers also identified a handful of Web servers the
attackers had compromised and were using to launch high-volume attacks.
The compromised Web servers meant the attackers had a big broadband pipe
to overwhelm target sites.

In a report released late January, Gartner analyst Avivah Litan forecast
that 25 percent of all DDoS attacks will attack the application layer.
Application attacks are generally more complicated and harder to defend
against than typical flooding attacks.

"A new class of damaging DDoS attacks and devious criminal
social-engineering ploys were launched against U.S. banks in the second
half of 2012, and this will continue in 2013 as well-organized criminal
activity takes advantage of weaknesses in people, processes and
systems," Litan said back in January when the report was released.

All the financial institutions hit in the previous wave of attacks claimed
customer data was not impacted and no fraudulent activity had been
detected. As soon as the attacks ended, the sites were back online
without any further issues.

That the same banks were getting hit in each wave and were still being
affected shows that financial institutions are still trying to catch up
and figure out how to defend their networks from these kinds of attacks,
Meyer said. Even the attackers may be a little surprised that their
campaigns continue to work, Meyer said.

The National Credit Union Administration issued an alert on Feb. 21 that
warned financial institutions that DDoS attacks are often used to
distract IT teams from noticing fraudulent transactions or the theft of
customer information. The NCUA recommended banks conduct ongoing
assessments and add DDoS mitigation strategies to their incident
response programs. Bank of the West was hit by a different DDoS attack
in December and over $900,000 was drained from an account, according to
a report by Brian Krebs on Krebs on Security.

"Credit unions should voluntarily file a Suspicious Activity Report if an
attack impacts Internet service delivery, enables fraud, or compromises
member information," the NCUA said in its alert.