
Bank Hacks: Iran Blame Game Intensifies

Wells Fargo official says scale of the attacks was "pretty significant." Is this the face of "cyberwar"?

Who's behind the continuing series of attacks against the websites of numerous U.S. banks? A flurry of news reports Friday pointed the finger squarely at Iran.

"They have been going after everyone--financial services, Wall Street," a senior defense official, speaking anonymously, told The Wall Street Journal. "Is there a cyberwar going on? It depends on how you define war."

Earlier this month, the distributed denial-of-service (DDoS) attacks used by the banking website attackers successfully disrupted the operations of leading Wall Street financial institutions, including Bank of America, JPMorgan Chase, and Wells Fargo, as well as other firms. Last week, the attacks expanded to include Capital One, SunTrust, and Regions Financial.

Despite an advance warning by attackers, all of the targeted banks' websites still suffered disruptions. As that suggests, and as Wells Fargo CFO Tim Sloan confirmed to Reuters Friday, the scale of the DDoS attack launched against his bank was "pretty significant," although he noted--as have other officials at banks whose websites were disrupted--that no customer data had been compromised by attackers.

"I don't want to minimize the potential damage it could cause to the industry," said Sloan. "But in terms of how the industry performed and how Wells Fargo performed in reaction to the recent efforts, we actually performed very well." Some customers, however, have criticized the affected banks for not restoring their websites in a timely manner.

A self-described hacktivist group, the Cyber fighters of Izz ad-din Al Qassam, has taken credit for the attacks, and has also released statements denying that it's behind wire-transfer attacks that have been launched against U.S. banks over the past year. The group said the DDoS attacks are meant to protest the release of a clip from the "Innocence of Muslims" film that mocks the founder of Islam.

But information security experts have been finding inaccuracies in the Cyber fighters of Izz ad-din Al Qassam's statements, as well as evidence that the group is better organized than it has stated. Meanwhile, U.S. government officials have been stepping up their public accusations that the Iranian government has been directly sponsoring the attacks.

Likewise, Sen. Joseph I. Lieberman (I-Conn.), who chairs the Homeland Security and Governmental Affairs Committee, has blamed Iran for the attacks. "I think this was done by Iran and the Quds Force, which has its own developing cyber attack capability," Lieberman recently told C-SPAN, reported The Washington Post. The Quds Force is a special unit of the Revolutionary Guard, which is a branch of Iran's military.

But speaking anonymously, U.S. officials recently said that they've traced the attacks to a group of fewer than 100 Iranian information security specialists--based at Iranian universities and technology companies--who they say have been the actual hackers behind the bank attacks. The officials said that the evidence that conclusively links the Iranians to the attacks is classified, but said the scale and effectiveness of the DDoS attacks reinforced that the hackers had substantial backing. "These are not ordinary Iranians," a senior U.S. official told The Wall Street Journal.

Iranian officials have denied hacking any U.S. banks. But earlier this year, Iranian government officials announced the creation of a military "cyber corps" to help the country better defend itself against online attacks such as Stuxnet.

In February 2012, at an Iranian conference devoted to addressing perceived online threats against the country, Brig. Gen. Gholam-Reza Jalali, who heads the Passive Defense Organization of Iran (PDOI), reportedly told attendees that "Iran has begun to operate its first cyber army." Likewise, in an interview earlier this year, according to news reports, Jalali said that Iran had created a "cyber command," noting that creating "the cyber defense strategy is now on our agenda."

"The important point is that we develop mechanisms for cyber defense in a way that we will be able to defend the country against new viruses," he said.

The U.S. government hasn't directly taken credit for creating Stuxnet, Flame, or other espionage malware that was used against Iranian systems. But according to David Sanger's book Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power, published earlier this year, White House officials--speaking off the record--said that the malware had been developed as part of a classified program code-named "Olympic Games."
