4 Banks Respond to DDoS Threats

PNC Uses Social Media, Website to Forewarn Customers

By , December 12, 2012.
4 Banks Respond to DDoS Threats

The day after Izz ad-Din al-Qassam Cyber Fighters announced plans to launch a second wave of distributed-denial-of-service attacks on five U.S. banks, SunTrust suffered intermittent outages and Bank of America and PNC said small numbers of their customers reported having trouble accessing their sites. But it remained unclear whether the problems were the result of an attack.

See Also: The Evolution of Advanced Malware

U.S. Bank, which did not suffer any known outages or access issues, did, however, acknowledge that new attacks could be on the way.

On Dec. 11, PNC used social media to warn consumers that site outages should be expected, but that account and online-banking credentials would remain secure. And one expert was advising banks to expect the worst, saying Izz ad-Din al-Qassam Cyber Fighters' second wave of attacks would likely be more fierce than the first.

The online-monitoring site websitedown.com reported that about noon ET on Dec. 11, SunTrust Banks website suffered intermittent outages. But SunTrust executives declined to comment on the nature of the outages.

BofA spokesman Mark Pipitone said that while BofA's site suffered no overall outages, an isolated number of online-banking users reported problems accessing the site. "We're aware of the reports of possible cyberattacks, and we're monitoring our systems, which are fully operational," Pipitone said in the early evening of Dec. 11.

PNC spokeswoman Amy Vargo said some PNC customers may have experienced intermittent difficulty logging in on their first attempts. "We are aware of the situation and working to restore full access," she said during the early evening of Dec. 11. "We are focused on minimizing disruption to our customers and will review the cause of this incident once full access is restored."

And U.S. Bank spokesman Tom Joyce told the Minneapolis/St. Paul Business Journal that the bank is "taking all necessary steps" to prepare for more attacks. "It's important to note that these denial-of-service attacks are designed to slow down banks' websites and create a nuisance for consumers," Joyce said. "Customers can be assured that their data and funds are secure."

The hacktivist group Izz ad-Din al-Qassam Cyber Fighters named SunTrust, U.S. Bancorp, JPMorgan Chase, Bank of America and PNC Financial Services Group as targets for its next wave of DDoS attacks.

The group, in a Dec. 10 post on Pastebin, announced plans for what it portrays as "Phase 2 Operation Ababil" - a second campaign of attacks waged against leading U.S. banks to protest a YouTube movie trailer deemed offensive to Muslims.

All five banks were targets - along with Wells Fargo, Capital One, Regions Bank, BB&T and HSBC - during the first wave of DDoS attacks, which ran from mid-September to mid-October. During that period, each bank's website suffered intermittent outages of varying degrees. CapOne was the only institution targeted twice in the first wave (see CapOne Takes Second DDoS Hit).

PNC's Communications Stand Out

On Dec. 11, three of the five newly targeted banks were remaining quiet, declining to comment about the threat and steps they were taking, if any, to communicate with consumers about the expectation of more attacks.

BofA acknowledged isolated reports from consumers who suffered difficulty logging in. PNC, the only bank to publicly outline details surrounding the DDoS attack it suffered in the first wave, however, immediately took steps to notify the public of the possibility for a second attack.

Through Dec. 11 posts on the social-networking sites Facebook and Twitter, PNC forewarned online-banking customers that outages should be expected.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Fight Email Fraud: New Strategies

Email fraud has existed since the advent of email. But the schemes are evolving and impacting...

Latest Tweets and Mentions

ARTICLE Fight Email Fraud: New Strategies

Email fraud has existed since the advent of email. But the schemes are evolving and impacting...

The ISMG Network