DDoS Hacktivists: No U.S. Bank is Safe
Group Takes Credit for 9 Bank Attacks in December
The hacktivist group Izz ad-Din al-Qassam Cyber Fighters claims that its second phase of distributed-denial-of-service attacks has affected nine banks since Dec. 11, and it warns that more attacks are on the way.
"Rulers and officials of American banks must expect our massive attacks! From now on, none of the U.S. banks will be safe from our attacks," the hacktivists write in a Jan. 1 post on Pastebin.
The group says its DDoS strikes waged since the kickoff of its second campaign in early December have targeted JPMorgan Chase, Bank of America, Citigroup, Wells Fargo, U.S. Bancorp, PNC Financial Services Group, BB&T Corp., SunTrust Banks and Regions Financial Corp. (see 5 Banks Targeted for New DDoS Attacks).
The group claims its attacks against U.S. banks will continue until a YouTube video deemed offensive to Muslims is removed.
In a Dec. 10 post, Izz ad-Din al-Qassam Cyber Fighters announced plans for its second campaign, targeting PNC, U.S. Bank, BofA, Chase and SunTrust. Since then, the group has posted two subsequent threats and, as indicated in its Jan. 1 post, has apparently hit a total of nine banks.
Regions and SunTrust are the only institutions named by the hacktivists for which abnormal traffic patterns in the month of December have not been confirmed.
PNC was the first to report site issues on Dec. 11. The bank used social media and its website to forewarn customers of expected online outages possibly linked to DDoS.
On Dec. 12, U.S. Bank said intermittent site issues resulted from high volumes of traffic. That same day, the Financial Services Information Sharing and Analysis Center issued a security update to its membership, outlining precautions institutions should take as they prepare for the second phase of attacks being waged by the hacktivist group.
"Financial institutions should ensure they have reviewed their distributed-denial-of-service detection and mitigation plans, as well as recent threat intelligence shared by and through the FS-ISAC," the center warned. "FS-ISAC is working with its members, its partners and government agencies to monitor this threat, share information and support members under attack."
PNC again on Dec. 13 said its site experienced issues related to abnormally high volumes of traffic. According to the online-monitoring site sitedown.co, Bank of America and JPMorgan Chase also suffered access issues beginning around 9 a.m. ET Dec. 13. Neither Chase nor BofA confirmed online woes, but one of BofA's retail customers from Atlanta called BankInfoSecurity on Dec. 14 to report he had not been able to access his online banking account at bankofamerica.com for a week.
On Dec. 26, Citi confirmed its site suffered late afternoon interruptions, but it said the issues were quickly resolved.
So far, the Office of the Comptroller of the Currency is the only federal regulator to issue a public warning about the DDoS attacks, noting that the attacks could be linked to fraud.
On Dec. 21, the OCC said banking institutions should ensure incident-response strategies involve appropriate personnel across multiple lines of business, as well as external partners. It also suggested banks consider due diligence reviews of service providers, such as Internet service providers and Web-hosting servicers, to ensure they, too, have taken the necessary steps to identify and mitigate potential risks associated with DDoS attacks.
The first campaign of attacks, which ran from mid-September to mid-October, targeted all of the institutions allegedly targeted in the second campaign, as well as HSBC Holdings and Capital One.