SunTrust Is Latest Attack Victim

7th U.S. Bank Suffers Outage Linked to DDoS Attacks
SunTrust Is Latest Attack Victim

On Oct. 10, SunTrust Banks became the seventh U.S. financial institution apparently hit by a distributed denial of service attack orchestrated by the hacktivist group Izz ad-Din al-Qassam.

See Also: Forrester Top 35 Global Breaches Report: Balance Defense with Defensibility

SunTrust's website suffered intermittent glitches, suggesting the attack was either less severe than the previous attacks aimed at other institutions, whose websites were virtually shut down by the attacks, or that the bank managed the situation better (see CapOne Site Takes DDoS Hit).

SunTrust spokesman Michael McCoy confirmed SunTrust's site had been hit by an uptick in traffic. "We have seen increased online traffic today and experienced intermittent service availability of some online functions," he said.

But McCoy declined to offer additional details. "We typically don't discuss security-related matters," he said.

According to online outage tracker Sitedown, SunTrust's servers were intermittently overloaded, making the site inaccessible at different points during day in some parts of the country.

Capital One was the sixth bank to take an online hit when its site suffered an outage Oct. 9. The Capital One outage came two weeks after similar DDoS attacks targeted Bank of America, Chase Bank, Wells Fargo, PNC and U.S. Bank.

Will Regions Be Next?

In a Pastebin post dated Oct. 8, the hacktivist group announced the planned Oct. 9 attack against Capital One, the Oct. 10 attack against SunTrust and an Oct. 11 takedown date for Regions Financial Corp.

But Alphonse Pascual, a financial fraud analyst at Javelin Strategy & Research, says it remains unclear who's actually behind the hacktivist group's efforts. "And until we understand the motivation, it's hard to know the depths to which they'll go."

That unknown motivation also makes fighting these DDoS attacks challenging, Pascual says, although banks are likely improving their defensive techniques.

Izz ad-Din al-Qassam has claimed it's waging a cyberwar against top-tier banking institutions through hacktivism because of outrage over a YouTube movie trailer the group believes casts Islam in a negative light. By targeting banks, the group claims it can hit the U.S. where it hurts. In a previous Pastebin post, the attackers wrote: "Money is everything for you."


About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.