Attacks/Breaches
4/4/2013
10:38 AM
Connect Directly
RSS
E-Mail
50%
50%

Banks Hit Downtime Milestone In DDoS Attacks

Top 15 U.S. banks have experienced double the downtime from same period last year. Lawmakers demand passage of a cyber threat intelligence sharing bill.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
In recent weeks, U.S. banks and financial services institutions have seen their website downtime double, compared to just one year ago.

That finding, first reported by NBC News, comes via Keynote, which maintains dummy accounts with the country's top 15 banks, which it uses to monitor site uptime and availability to customers by attempting to log into its accounts every five minutes.

Keynote didn't immediately respond to an emailed request for a copy of its research. But spokesman Aaron Rudger told NBC that for the six-week period ending on March 31, 2013, the 15 banks' sites were effectively unreachable by customers for a total of 249 hours, or 2% of the time. Compared with the same period last year, the banks only saw 140 hours of downtime, which Rudger said could largely be ascribed to their performing regularly scheduled maintenance, which often occurs at night.

[ Did a monster hack slow down the entire Internet? Read DDoS Attack Doesn't Spell Internet Doom: 7 Facts. ]

The finding that U.S. banks are experiencing double their normal levels of downtime suggests that the distributed denial-of-service (DDoS) attacks being waged under the "Operation Ababil" banner -- the self-described Muslim hacktivist band calling itself the al-Qassam Cyber Fighters -- are having a demonstrable impact on banks' ability to ensure that customers can connect with their websites.

The al-Qassam Cyber Fighters Tuesday announced via Pastebin the fifth week in what it's called the third wave of its banking attacks, and reported that last week, the websites of American Express, Ameriprise Financial, Bank of America, BB&T, Citizens Financial and KeyCorp had been targeted, and customer complaints left on the Site Down website suggested that at least some of those sites were seeing higher than normal levels of disruption.

The Operation Ababil attacks were first launched in September 2012, accompanied by demands that all copies of a film that mocks the founder of Islam be removed from the Internet. The attacks continued with a second round that began in late 2012.

Multiple U.S. government officials have dismissed the film-removal demands as a red herring, and accused the Iranian government of sponsoring the attacks. But a senior member of the House Intelligence Committee, Rep. Adam Schiff (D-Calif.), told NBC News Wednesday that the FBI and "other law enforcement agencies are following up aggressively to identify the responsible parties" behind the DDoS attack campaign, suggesting that the Iranian connection might still be tentative.

Regardless, with each new round, the attackers appear to be refining their attack tools and techniques, as evidenced by the fact that they've been able to compromise otherwise legitimate third-party websites, often by using vulnerabilities related to WordPress or involving PHP, and turn them into staging grounds for launching DDoS attacks that have achieved sustained floods of 70 Gbps and 30 million packets per second. Furthermore, security experts have said that the bank attackers don't even appear to be using all of the firepower at their disposal.

Accordingly, are stronger defenses required? Responding to the Keynote downtime findings, the chair of the House Intelligence Committee, Rep. Mike Rogers (R-Mich.), told NBC News Wednesday that the bank DDoS attacks -- which he blames on the Iranian government -- highlight the need for U.S. government intelligence agencies to share threat intelligence with the private industry. "These banks are among the best in the country when it comes to cyber security, but even they are having trouble keeping up with attacks that have the sophistication and the level of resources that a nation-state entity like Iran can devote to them," he said.

Accordingly, Rogers called on Congress to pass the controversial Cyber Intelligence Sharing and Protection Act (CISPA) that he's co-authored with C.A. Dutch Ruppersberger (D-Md.), which he claimed would enable the government "to share cyber threat information with these banks to help them get ahead of these attacks."

But Rogers offered no evidence to support his assertion that access to better attack signatures would somehow immunize banks' networks against DDoS attacks. A spokesman for Rogers wasn't immediately available by phone to discuss the Congressman's comments.

Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice. (Free with registration.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/22/2013 | 2:05:57 AM
re: Banks Hit Downtime Milestone In DDoS Attacks
The banks have obviously invested a serious amount of time and money investigating the losses that they are suffering due to the downtime. Here is a great idea, that if the banks involved are not doing already they most definitely should be doing, is to hire private investigators of their own. I am sure that it would be worth their time and money to mutually invest in a solution, that being aggressively persuading and counter attacking, or at the very least keeping hackers occupied with menial tasks that take time? It sounds like the banks know where and who the attacks are coming from, that has got to be a useful piece of information.

Paul Sprague
InformationWeek Contributor
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

CVE-2014-4449
Published: 2014-10-22
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-4450
Published: 2014-10-22
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.