Wells Fargo Still Dealing with DDoS

Latest Outage: No Widespread Impact Reported
Wells Fargo Still Dealing with DDoS

Hacktivists' phase 2 distributed-denial-of-service attacks against U.S. banks appeared to subside Dec. 19. Only Wells Fargo reported online access issues, but the bank pointed out that outages were limited. A day earlier, the bank reported a more extensive DDoS hit.

See Also: Cybersecurity for the SMB: Steps to Improve Defenses on a Smaller Scale

The hacktivist group Izz ad-Din al-Qassam Cyber Fighters Group on Dec. 18 posted an update on Pastebin, saying targeted banks could expect more distributed-denial-of-service attacks this week, resembling the magnitude of attacks waged against Bank of America, JPMorgan Chase, PNC Financial Services, U.S. Bancorp and SunTrust Bank a week earlier (see 5 Banks Targeted for New DDoS Attacks).

The group, however, did not name its targets in the Dec. 18 posting. But based on outage reports confirmed Dec. 18 and Dec. 19 by Wells Fargo, the bank apparently was one of those that Izz ad-Din al-Qassam has chosen to attack this time around.

Wells Fargo spokeswoman Sara Hawkins said some bank customers may have experienced issues accessing their online accounts throughout the day Dec. 19. "We're not seeing widespread impact, but we do recognize that some customers may have intermittent access to our website," she said.

On Dec. 18, however, Hawkins said the bank was seeing heavier than typical traffic. "We're seeing an unusually high volume of traffic, which is creating slow or intermittent access to our website for some online customers," she said.

But none of the five banks named as targets in Izz ad-Din al-Qassam's Dec. 11 announcement of the launch of a phase 2 DDoS campaign reported similar issues.

Ten banks were targeted in the first campaign of DDoS attacks, which ran from mid-September until mid-October. Those banks included the five noted above as well as Wells Fargo, Regions Bank, HSBC Holdings, BB&T Corp. and Capital One. Among these, only Wells has reported additional outages allegedly linked to Phase 2. The others confirmed Dec. 19 that their sites remained unaffected.

The hacktivist group claims it will continue its attacks on U.S. banks until a YouTube movie trailer, deemed to be offensive to Muslims, is removed.

The Financial Services Information Sharing and Analysis Center on Dec. 12 issued an advisory, outlining precautions institutions should take as they prepare for more attacks.

The FS-ISCAC notes that hacktivists' warning that the second phase will be more severe should be heeded.


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.