Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

U.S. Bank Hacks Expand; Regions Financial Hit

Attacks by self-described Muslim hackers, now in their fourth week, hit Regions Financial Thursday. Hacking campaign has also disrupted Capital One and SunTrust banking websites.

Regions Financial Thursday became the latest U.S. bank to have its website attacked and disrupted by self-described Muslim hackers, as part of their ongoing "Operation Ababil" online attack campaign.

"We are experiencing an Internet service disruption that is intermittently impacting our customers' ability to access our website or use our online banking service," said Regions Financial spokesman Mel Campbell Thursday in a statement, according to news reports. "We are working quickly to resolve this issue and regret any inconvenience customers may be experiencing."

Early Friday morning, the Regions website appeared to still be inaccessible, but by later in the day, it appeared to once again be available. A spokesman for Regions didn't immediately respond to an emailed query about exactly when the attack against the bank's website had begun, or how long it had lasted.

[ Hackers aren't always motivated by money. Read more at How Cybercriminals Choose Their Targets. ]

The Regions website disruption followed similar distributed denial-of-service (DDoS) attacks launched against the websites of Capital One on Tuesday, and SunTrust on Wednesday.

Capital One spokeswoman Pam Garardo said via email that on Oct. 9, Capital One experienced intermittent access to some online systems due to a denial-of-service attack. She emphasized that other bank channels--branches, call centers, ATMs, as well as its ING Direct and HSBC credit card websites--were not affected, and that no customer or account information had been exposed. "Online servicing channels were fully restored within a few hours," she said.

In the case of SunTrust, Fox Business reported Wednesday that when attempting to log on, some customers have been complaining of receiving one of two error messages: 'Server Unavailable' or 'Server is too busy. According to news reports, a SunTrust spokesman said Wednesday, "We have seen increased traffic today and have experienced some intermittent service availability."

As of Friday, however, the bank's website appeared to be fully accessible. SunTrust spokesman Mike McCoy, when asked via email about exactly when the attacks had begun and ended, replied, "We are not commenting further on the matter as we typically don't comment on security-related matters."

As with recent similar attacks, all three bank attacks had been announced in advance via a Pastebin post--the latest uploaded Monday--by a group calling itself the Izz ad-Din al-Qassam Cyber Fighters.

According to The New York Times, the name of the hacking--or hacktivist--group references "Izz ad-Din al-Qassam, a Muslim holy man who fought against European forces and Jewish settlers in the Middle East in the 1920s and 1930s." The hackers said they've launched their banking attacks in retaliation for the release of the "Innocence of Muslims" film that mocks the founder of Islam. A 13-minute clip of the film was uploaded last month to YouTube.

The film has been attributed to Nakoula Basseley Nakoula (a.k.a. Mark Basseley Youssef), 55, who appeared Wednesday in Los Angeles U.S. District Court. Federal prosecutors had accused Nakoula of eight violations of his probation, stemming from a 2010 conviction on bank fraud charges, which could see him returned to prison for two years. He was arrested Sept. 28 for the alleged parole violations, which include using aliases, using a computer without supervision, and lying to his probation officer. But in his court appearance, Nakoula denied all of the charges against him. He's next due back in court Nov. 9.

Attackers' apparent motivations aside, do the bank website disruptions herald a new era in online attacks? "A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11. Such a destructive cyber terrorist attack could paralyze the nation," said Secretary of Defense Leon Panetta Thursday, in a speech at a black-tie event held by the Business Executives for National Security on the Intrepid Sea, Air and Space Museum in New York.

"In recent weeks, as many of you know, some large U.S. financial institutions were hit by so-called 'distributed denial-of-service' attacks," he said. "These attacks delayed or disrupted services on customer websites. While this kind of tactic isn't new, the scale and speed was unprecedented."

But security firm Prolexic, which has been tracking the tools and techniques used in the banking website disruptions, begged to differ with Panetta's analysis. "These are big, but we've seen this big before," said Neal Quinn, chief operating officer of Prolexic, told Wired. "We've seen events this big in the past."

Still, the attacks have been notable because even with attackers' prior warning, they've managed to disrupt the websites of some of the country's largest financial firms, including Bank of America, JPMorgan Chase, PNC, U.S. Bank, and Wells Fargo. As that skill and sophistication suggest, the bank attacks haven't been launched by just one individual, or using a single tool, but rather by multiple well-organized groups wielding a variety of tools, according to Prolexic.

"A blend of attack scripts and different techniques used in each campaign is another pointer to the likelihood that multiple, well-organized groups or individuals were behind these attacks," said Prolexic president Stuart Scholly in an emailed statement. The company has also found that the compromised servers used by attackers appear to have been taken over--again, using a variety of different toolkits and techniques--as far back as May 2012, which further suggests that the attack participants were diverse, and the exploits well-organized.

Cybercriminals are taking aim at your website. Is your security strategy up to the challenge? Also in the new, all-digital 10 Steps To E-Commerce Security issue of Dark Reading: About half of the traffic to e-commerce sites is machine generated--and much of it is malicious. (Free registration required.)

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
10/19/2012 | 9:23:45 AM
re: U.S. Bank Hacks Expand; Regions Financial Hit
Panetta used the attacks on ICS (Industrial Control Systems) as a warning to the US business community that similar attacks are imminent. It is also a calling for US business to embrace stalled cyber security legislation that has been bouncing around the House and Senate over the past 2+ years.

Companies have been reluctant, fearing legal repercussions for non-compliance and/or sharing sensitive information. And for those companies which worry about not complying with what is a pretty low bar of cyber security best practices -- too bad! They should be doing that already. I've long supported this cyber security bill and continue to do so -- now more than ever. HereGs another interesting article on this matter: http://blog.securityinnovation...
majenkins
50%
50%
majenkins,
User Rank: Apprentice
10/15/2012 | 12:36:39 PM
re: U.S. Bank Hacks Expand; Regions Financial Hit
I guess you really don't care since it made sure I read your article and noticed a couple of your ads, but there is a bank in the USA called US Bank and your headline made it sound like this bank had been under attack for several days. This sort of poor headline wording could cause heart palpitations in people that are just returning to work from an 8 day, mostly disconnected, vacation in Florida.
caseyf5
50%
50%
caseyf5,
User Rank: Apprentice
10/12/2012 | 5:47:48 PM
re: U.S. Bank Hacks Expand; Regions Financial Hit
Hello everyone,

According to the statement "Capital One spokeswoman Pam Garardo said via email that on Oct. 9, Capital One experienced intermittent access to some online systems due to a denial-of-service attack. She emphasized that other bank channels--branches, call centers, ATMs, as well as its ING Direct and HSBC credit card websites--were not affected, and that no customer or account information had been exposed. 'Online servicing channels were fully restored within a few hours,' she said." I had a different experience. I could not get my online information or do anything until the next day. I received emails from the system but that was all that I could do electronically.
jries921
50%
50%
jries921,
User Rank: Ninja
10/12/2012 | 5:37:27 PM
re: U.S. Bank Hacks Expand; Regions Financial Hit
I wonder if the film is the real reason, or if it's a pretext. They could, after all, make the very same attacks on the pretext that they're U.S. banks and the U.S. is the Great Satan. They could even do it on the grounds that, like all western banks, they charge interest on loans, which Islam teaches is sinful.

COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/14/2020
Lock-Pickers Face an Uncertain Future Online
Seth Rosenblatt, Contributing Writer,  8/10/2020
Hacking It as a CISO: Advice for Security Leadership
Kelly Sheridan, Staff Editor, Dark Reading,  8/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 New Cybersecurity Vulnerabilities That Could Put Your Enterprise at Risk
In this Dark Reading Tech Digest, we look at the ways security researchers and ethical hackers find critical vulnerabilities and offer insights into how you can fix them before attackers can exploit them.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17475
PUBLISHED: 2020-08-14
Lack of authentication in the network relays used in MEGVII Koala 2.9.1-c3s allows attackers to grant physical access to anyone by sending packet data to UDP port 5000.
CVE-2020-0255
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10751. Reason: This candidate is a duplicate of CVE-2020-10751. Notes: All CVE users should reference CVE-2020-10751 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-14353
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-18270. Reason: This candidate is a duplicate of CVE-2017-18270. Notes: All CVE users should reference CVE-2017-18270 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidenta...
CVE-2020-17464
PUBLISHED: 2020-08-14
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-17473
PUBLISHED: 2020-08-14
Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBiosecurity Server 1.0.0_20190723 allows an attacker to obtain a long-lasting token by impersonating the server.