CapOne Site Takes DDoS Hit

SunTrust, Regions Next Expected Targets

By , October 9, 2012.
CapOne Site Takes DDoS Hit

The hacktivist group known as Izz ad-Din al-Qassam apparently made good on its threat to take down Capital One Financial Corp.'s online presence Oct. 9. Now industry observers say they're waiting to see if the group's threats against SunTrust Banks and Regions Financial Corp. will be fulfilled later this week as the group has indicated.

See Also: Stop Mobile Payment Fraud, Not Customers

"Capital One is experiencing intermittent access to some online systems due to a denial of service attack," company spokeswoman Pam Girardo said on the afternoon of Oct. 9. "All other channels are working properly. We are working to restore all online service as soon as possible."

CapOne spent much of the day Oct. 9 communicating about the outage with customers via online messaging and social media. The bank has instructed customers to call its support line if they experience problems accessing their online accounts, Gerardo says.

CapOne is the sixth major U.S. bank to be targeted by Izz ad-Din Al-Qassam in the last three weeks. Online-banking and corporate sites at Bank of America, Chase, Wells Fargo, PNC and U.S. Bank all took distributed denial of service hits the last two weeks of September, and the same group took credit.

If the pattern continues, and the Oct. 8 threat posted on Pastebin holds true, SunTrust and Regions can expect their sites to suffer outages over the next two days.

SunTrust spokesman Mike McCoy said Oct. 9 that SunTrust is aware of the threats and is working to limit online disruption for bank customers. "But we will decline to offer specifics," he added.

And Regions spokeswoman Evelyn Mitchell said Regions is already bracing for an Oct. 11 attack, but did not say what, if any, steps the bank was taking to inform customers. "We are aware that the group claiming responsibility for these attacks has identified Regions as one of its targets," she said. "We take online security seriously and are taking every measure to protect the company and our customers."

Evading Arrest

Avivah Litan, a fraud analyst at financial consultancy Gartner, says the lag between the first wave of attacks and the hit against CapOne likely is related to the attackers' efforts to evade arrest.

"The authorities know which endpoints were compromised, but they don't know who compromised them, exactly," Litan says. "There are strong indications that the same tools used in the January 2012 attacks against the Israeli stock exchange and El Al Airlines are the same tools used in these attacks. And those former attacks were praised by Hamas. I would not be at all surprised if all this leads to something much more ominous, e.g. the RSA Gozi concerns." (See RSA Warning, DDoS Attacks Linked?)

The group known as Izz ad-Din al-Qassam taking credit for the DDoS takedowns appears to be waging a cyberwar against top-tier institutions through hacktivism because of outrage over a YouTube movie trailer. The group claims the video casts Islam in a negative light.

The attacks have been successful because they flood banks' websites with more traffic than they can handle, says Mike Smith of Internet platform provider Akamai.

Action Recommended

In light of recent takedowns, and new cyberthreat alerts from the Financial Services Information Sharing and Analysis Center, experts suggest banking institutions:

  • Enhance fraud detection and network and perimeter security;
  • Review disaster recovery plans and employee training strategies; and
  • Work closely with Internet service providers, vendors, service providers and law enforcement about emerging schemes and cyberthreats.

Shirley Inscoe, a fraud analyst at financial-services consultancy Aite, says institutions should be mindful of warning signs, such as dramatic increases in wire transfers, that could signal a DDoS attack.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE FFIEC Issues Malware, Attack Alerts

The FFIEC warns U.S. financial institutions that they're at increased risk from attacks that are...

Latest Tweets and Mentions

ARTICLE FFIEC Issues Malware, Attack Alerts

The FFIEC warns U.S. financial institutions that they're at increased risk from attacks that are...

The ISMG Network