SunTrust Is Latest Attack Victim

7th U.S. Bank Suffers Outage Linked to DDoS Attacks

On Oct. 10, SunTrust Banks became the seventh U.S. financial institution apparently hit by a distributed denial of service attack orchestrated by the hacktivist group Izz ad-Din al-Qassam.


SunTrust's website suffered intermittent glitches, suggesting either that the attack was less severe than the previous attacks on other institutions, whose websites were virtually shut down, or that the bank managed the situation better (see CapOne Site Takes DDoS Hit).

SunTrust spokesman Michael McCoy confirmed SunTrust's site had been hit by an uptick in traffic. "We have seen increased online traffic today and experienced intermittent service availability of some online functions," he said.

But McCoy declined to offer additional details. "We typically don't discuss security-related matters," he said.

According to online outage tracker Sitedown, SunTrust's servers were intermittently overloaded, making the site inaccessible at different points during the day in some parts of the country.

Capital One was the sixth bank to take an online hit when its site suffered an outage Oct. 9. The Capital One outage came two weeks after similar DDoS attacks targeted Bank of America, Chase Bank, Wells Fargo, PNC and U.S. Bank.

Will Regions Be Next?

In a Pastebin post dated Oct. 8, the hacktivist group announced the planned Oct. 9 attack against Capital One, the Oct. 10 attack against SunTrust and an Oct. 11 takedown date for Regions Financial Corp.

But Alphonse Pascual, a financial fraud analyst at Javelin Strategy & Research, says it remains unclear who's actually behind the hacktivist group's efforts. "And until we understand the motivation, it's hard to know the depths to which they'll go."

That unknown motivation also makes fighting these DDoS attacks challenging, Pascual says, although banks are likely improving their defensive techniques.

Izz ad-Din al-Qassam has claimed it's waging a cyberwar against top-tier banking institutions through hacktivism because of outrage over a YouTube movie trailer the group believes casts Islam in a negative light. By targeting banks, the group claims it can hit the U.S. where it hurts. In a previous Pastebin post, the attackers wrote: "Money is everything for you."


About the Author

Tracy Kitten


Executive Editor, BankInfoSecurity & CUInfoSecurity

A veteran journalist with more than 18 years' experience, Kitten has covered the financial sector for the last 11 years. Before joining Information Security Media Group in 2010, where she now serves as the Executive Editor of BankInfoSecurity and CUInfoSecurity, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




