Regions Financial Corp. on Oct. 11 confirmed its online banking and corporate websites were suffering intermittent outages related to an Internet service disruption.
The Regions site outages were expected, based on distributed denial of service attack threats posted Oct. 8 on Pastebin by the hacktivist group Izz ad-Din al-Qassam. Regions is the eighth U.S. bank to take an online hit in the last four weeks.
"We are experiencing an Internet service disruption that is intermittently impacting our customers' ability to access our website or use our online banking service," Regions spokeswoman Evelyn Mitchell told BankInfoSecurity. "We are working quickly to resolve this issue and regret any inconvenience customers may be experiencing."
According to Is It Down Right Now, an outage-tracking site, Regions was suffering sporadic outages throughout the morning and early afternoon of Oct. 11. Down For Everyone Not Just Me, another tracking site, also confirmed the outages. But as of early afternoon, no outages for Regions had yet been reported to the online-outage-tracking site Sitedown.
Series of Attacks
In the Oct. 8 post, Izz ad-Din al-Qassam, the group taking credit for the attacks, warned of hits against Capital One on Oct. 9, SunTrust on Oct. 10 and Regions Bank on Oct. 11. All the apparent attacks occurred on the days promised.
Now industry observers are waiting to see what bank will be next.
Izz ad-Din al-Qassam, as part of a movement it has coined Operation Ababil, says it expects to spend the weekend developing plans for more attacks next week. "The timetable for October's second week attack program is announced," the group states in its Oct. 8 post. "Weekends: planning for the next week' attacks."
The motivation behind the attacks is still murky. Izz ad-Din al-Qassam claims it's waging a cyberwar against top-tier banking institutions because of outrage over a YouTube movie trailer believed by the group to be anti-Islam. But experts question whether that outrage is just a front for something more nefarious.
So far, the banks that have been hit with DDoS attacks have not reported any fraud activity. But Gartner analyst Avivah Litan says account takeover and wire fraud perpetrated in the background or via the call center should be institutions' greatest worry.
"There are anecdotes about money loss during these attacks, e.g. through calls to the call center to get wire transfers done while the website was down," she says.
As a result, institutions need to tighten fraud-prevention controls, "especially at the call center and around access from employee accounts, the new attack vectors," Litan says.
But Alphonse Pascual, a financial fraud analyst at Javelin Strategy & Research, says it's too early to really know why banks are being targeted. "Hitting banks gets a lot of attention; so I'm not sure if that's the motivation or if it's something else," he says.
"And we still don't know, really, who's behind these attacks," Pascual adds. "If it is a nation-state attack, this could be very serious. They have all kinds of resources to back their attacks, and there could be lots going on in the background that we don't know about."
For example, Pascual says information could be exposed or compromised during these attacks, and banks may not even be aware of it. "I'm not saying that's the case, but it is possible," he says. "And if the banks do find that some breach has occurred, I don't even know if it would be in their best interest to share that with the public right now, since we still don't know who's behind all of this. They should share their breach with law enforcement."
One executive at a mid-tier regional institution says that while it's unclear what the "end game" motivation is, the hacktivists are "demonstrating they can do what they claim when they choose to."
He surmises the hacktivists are trying to create distrust of the U.S. financial system among consumers.
Pastebin posts attributed to Izz ad-Din al-Qassam state U.S. banks are being targeted to send a message about the U.S. capitalism. "Money is everything for you," the group stated in one post.
If patterns repeat, banks could expect more attacks Oct. 16. The last two waves of attacks started on Tuesdays.