DDoS: Citi Takes Post-Holiday Hit

Hacktivists Announce Plans for Year-End Bank Attacks

By , December 27, 2012.

After hacktivists announced in a Christmas Day Pastebin post plans for a third week of bank attacks, Citigroup reported site interruptions Dec. 26 that struck during the late afternoon.

Citi spokesman Andrew Brent did not attribute the online-banking access issues to high volumes of traffic, as is typical in a distributed-denial-of-service attack, saying that the bank does not disclose details about IT infrastructure issues.

"Citi is experiencing interruptions in the availability of some of its websites," Brent said just after 7 p.m. ET Dec. 26. "We are actively working to resolve the situation as soon as possible. We apologize to customers for the inconvenience."

By 11 p.m. ET, the bank's sites were back up and fully accessible. "We worked to resolve the situation in a matter of hours and continue to monitor online activity," Brent said.

No specific targets were named in the hacktivists' Dec. 25 announcement of plans for another week of attacks, part of a second campaign of DDoS hits. But the hacktivist group Izz ad-Din al-Qassam Cyber Fighters did note that attacks will be widespread and of the same magnitude as attacks waged in previous weeks. Attacks will continue, the group says, until a YouTube video deemed by hacktivists to be offensive to Muslims is removed.

"American dominant authorities, without any attention to these protests and in a discriminatory manner, have done nothing to remove that offensive video," the Izz ad-Din al-Qassam post states. "All conscious and impartial people know that it is very easy for American rulers to remove the video, but apparently they are looking for something else behind this insult. ... We suggest that U.S. government and the banks should seek a logical and easy solution instead of spending big to deal with these attacks."

Banks' Defenses Improving?

Since Dec. 10, when Izz ad-Din al-Qassam Cyber Fighters announced its second wave of attacks, PNC Financial Services, U.S. Bancorp, Bank of America, Wells Fargo and BB&T have confirmed intermittent site issues related to large volumes of online traffic. The latest DDoS attacks, following a Dec. 17 warning from the hacktivist group, struck Dec. 20 and affected only PNC and Wells Fargo.

Online outages and site-access issues suffered by these targeted institutions have been less impactful than they were during the first campaign, which ran from mid-September to mid-October, experts say.

That weakened impact may be attributed to a mix of factors, experts say. Improved defenses, for example, could be playing a role, suggests financial fraud expert Avivah Litan of Gartner Research.

"Most banks' network teams are making rapid adjustments to the configurations of their networks, so they can better withstand these attacks," Litan says. "These adjustments are definitely helping for now."

Litan says fraud teams also are enhancing their strategies, "so more is automated and independent of staff attention, which is diverted during these attacks."

The Office of the Comptroller of the Currency on Dec. 21 issued a warning to banking institutions about DDoS diversions used to mask fraud. OCC spokesman Bill Grassano says the groups behind DDoS may shift tactics and targets, so banks must rely more heavily on information sharing with peers to ensure they know the patterns to watch.

"Banks need to have a heightened sense of awareness regarding these attacks and employ appropriate resources to identify and mitigate the associated risks," he says. "Preparations may include ensuring sufficient staffing for the duration of DDoS attacks in conjunction with pre-contracted third-party servicers that can assist in managing the Internet-based traffic flow."

On Dec. 10, Izz ad-Din al-Qassam identified BofA, JPMorgan Chase, PNC, U.S. Bancorp and SunTrust Banks as the primary targets for its second DDoS campaign (see 5 Banks Targeted for New DDoS Attacks).

Until then, attacks had subsided since the first wave, which targeted those five banks, as well as Wells Fargo, Regions Bank, HSBC Holdings, BB&T Corp. and Capital One.

Follow Tracy Kitten on Twitter: @FraudBlogger
