Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Banks Hit Downtime Milestone In DDoS Attacks

Top 15 U.S. banks have experienced double the downtime from same period last year. Lawmakers demand passage of a cyber threat intelligence sharing bill.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
In recent weeks, U.S. banks and financial services institutions have seen their website downtime double, compared to just one year ago.

That finding, first reported by NBC News, comes via Keynote, which maintains dummy accounts with the country's top 15 banks, which it uses to monitor site uptime and availability to customers by attempting to log into its accounts every five minutes.

Keynote didn't immediately respond to an emailed request for a copy of its research. But spokesman Aaron Rudger told NBC that for the six-week period ending on March 31, 2013, the 15 banks' sites were effectively unreachable by customers for a total of 249 hours, or 2% of the time. Compared with the same period last year, the banks only saw 140 hours of downtime, which Rudger said could largely be ascribed to their performing regularly scheduled maintenance, which often occurs at night.

[ Did a monster hack slow down the entire Internet? Read DDoS Attack Doesn't Spell Internet Doom: 7 Facts. ]

The finding that U.S. banks are experiencing double their normal levels of downtime suggests that the distributed denial-of-service (DDoS) attacks being waged under the "Operation Ababil" banner -- the self-described Muslim hacktivist band calling itself the al-Qassam Cyber Fighters -- are having a demonstrable impact on banks' ability to ensure that customers can connect with their websites.

The al-Qassam Cyber Fighters Tuesday announced via Pastebin the fifth week in what it's called the third wave of its banking attacks, and reported that last week, the websites of American Express, Ameriprise Financial, Bank of America, BB&T, Citizens Financial and KeyCorp had been targeted, and customer complaints left on the Site Down website suggested that at least some of those sites were seeing higher than normal levels of disruption.

The Operation Ababil attacks were first launched in September 2012, accompanied by demands that all copies of a film that mocks the founder of Islam be removed from the Internet. The attacks continued with a second round that began in late 2012.

Multiple U.S. government officials have dismissed the film-removal demands as a red herring, and accused the Iranian government of sponsoring the attacks. But a senior member of the House Intelligence Committee, Rep. Adam Schiff (D-Calif.), told NBC News Wednesday that the FBI and "other law enforcement agencies are following up aggressively to identify the responsible parties" behind the DDoS attack campaign, suggesting that the Iranian connection might still be tentative.

Regardless, with each new round, the attackers appear to be refining their attack tools and techniques, as evidenced by the fact that they've been able to compromise otherwise legitimate third-party websites, often by using vulnerabilities related to WordPress or involving PHP, and turn them into staging grounds for launching DDoS attacks that have achieved sustained floods of 70 Gbps and 30 million packets per second. Furthermore, security experts have said that the bank attackers don't even appear to be using all of the firepower at their disposal.

Accordingly, are stronger defenses required? Responding to the Keynote downtime findings, the chair of the House Intelligence Committee, Rep. Mike Rogers (R-Mich.), told NBC News Wednesday that the bank DDoS attacks -- which he blames on the Iranian government -- highlight the need for U.S. government intelligence agencies to share threat intelligence with the private industry. "These banks are among the best in the country when it comes to cyber security, but even they are having trouble keeping up with attacks that have the sophistication and the level of resources that a nation-state entity like Iran can devote to them," he said.

Accordingly, Rogers called on Congress to pass the controversial Cyber Intelligence Sharing and Protection Act (CISPA) that he's co-authored with C.A. Dutch Ruppersberger (D-Md.), which he claimed would enable the government "to share cyber threat information with these banks to help them get ahead of these attacks."

But Rogers offered no evidence to support his assertion that access to better attack signatures would somehow immunize banks' networks against DDoS attacks. A spokesman for Rogers wasn't immediately available by phone to discuss the Congressman's comments.

Protect the most fragile part of your IT infrastructure -- the endpoints and the unpredictable users who control them. Also in the new, all-digital How To Sharpen Endpoint Security special issue of Dark Reading: Some say the focus should be on education to deal with the endpoint security conundrum; some say technology. But it's not a binary choice. (Free with registration.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
PJS880
50%
50%
PJS880,
User Rank: Ninja
4/22/2013 | 2:05:57 AM
re: Banks Hit Downtime Milestone In DDoS Attacks
The banks have obviously invested a serious amount of time and money investigating the losses that they are suffering due to the downtime. Here is a great idea, that if the banks involved are not doing already they most definitely should be doing, is to hire private investigators of their own. I am sure that it would be worth their time and money to mutually invest in a solution, that being aggressively persuading and counter attacking, or at the very least keeping hackers occupied with menial tasks that take time? It sounds like the banks know where and who the attacks are coming from, that has got to be a useful piece of information.

Paul Sprague
InformationWeek Contributor
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/30/2020
'Act of War' Clause Could Nix Cyber Insurance Payouts
Robert Lemos, Contributing Writer,  10/29/2020
6 Ways Passwords Fail Basic Security Tests
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How to Measure and Reduce Cybersecurity Risk in Your Organization
In this Tech Digest, we examine the difficult practice of measuring cyber-risk that has long been an elusive target for enterprises. Download it today!
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27652
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27653
PUBLISHED: 2020-10-29
Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors.
CVE-2020-27654
PUBLISHED: 2020-10-29
Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp.
CVE-2020-27655
PUBLISHED: 2020-10-29
Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.
CVE-2020-27656
PUBLISHED: 2020-10-29
Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors.