On Oct. 10, SunTrust Banks became the seventh U.S. financial institution apparently hit by a distributed denial of service attack orchestrated by the hacktivist group Izz ad-Din al-Qassam.
SunTrust's website suffered intermittent glitches, suggesting the attack was either less severe than the previous attacks aimed at other institutions, whose websites were virtually shut down by the attacks, or that the bank managed the situation better (see CapOne Site Takes DDoS Hit).
SunTrust spokesman Michael McCoy confirmed SunTrust's site had been hit by an uptick in traffic. "We have seen increased online traffic today and experienced intermittent service availability of some online functions," he said.
But McCoy declined to offer additional details. "We typically don't discuss security-related matters," he said.
According to online outage tracker Sitedown, SunTrust's servers were intermittently overloaded, making the site inaccessible at different points during day in some parts of the country.
Capital One was the sixth bank to take an online hit when its site suffered an outage Oct. 9. The Capital One outage came two weeks after similar DDoS attacks targeted Bank of America, Chase Bank, Wells Fargo, PNC and U.S. Bank.
Will Regions Be Next?
In a Pastebin post dated Oct. 8, the hacktivist group announced the planned Oct. 9 attack against Capital One, the Oct. 10 attack against SunTrust and an Oct. 11 takedown date for Regions Financial Corp.
But Alphonse Pascual, a financial fraud analyst at Javelin Strategy & Research, says it remains unclear who's actually behind the hacktivist group's efforts. "And until we understand the motivation, it's hard to know the depths to which they'll go."
That unknown motivation also makes fighting these DDoS attacks challenging, Pascual says, although banks are likely improving their defensive techniques.
Izz ad-Din al-Qassam has claimed it's waging a cyberwar against top-tier banking institutions through hacktivism because of outrage over a YouTube movie trailer the group believes casts Islam in a negative light. By targeting banks, the group claims it can hit the U.S. where it hurts. In a previous Pastebin post, the attackers wrote: "Money is everything for you."