Recent DDoS Cyber Attacks on US Banks Continues
If you bank with anyone larger than a local credit union, it’s likely your bank’s website has been attacked within the past few months as recent distributed denial-of-service (DDoS) cyber attacks have increased in both frequency and severity. An April 2013 NBC News report found that in the six weeks prior, 15 of the nation’s largest banks were offline for a total of 249 hours due to denial of service cyber attacks.
Recent DDoS attacks on banks and the financial industry have impacted (just to name a few):
- Capital One Financial Corp.
- PNC Financial
- BB&T Corp.
- HSBC
- Wells Fargo Bank
- JP Morgan
- Bank of America
What is a Denial-of-Service Attack?
A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) occurs when huge amounts of traffic are directed at a website within a short amount of time, causing it to crash.
To carry out a cyberattack, cyber terrorists will acquire thousands of powerful application servers and point them at the targeted bank. Denial-of-service attacks are effective, but rather unsophisticated as they do not involve any actual hacking, cracking, or code manipulation. A DoS attack will not jeopardize a bank’s data or transactional system network, but will simply temporarily disable the banks’ public-facing websites and portals.
The jury is out on the level of threat these attacks actually pose, but it is agreed that there is no effective way to stop these attacks. As a response to the latest string of DDoS attacks, the Financial Services Information Sharing and Analysis Center (FS-ISAC) has urged banks and other industry members to “ensure constant diligence in monitoring and quick response to any malicious events.”
What is the Impact of DDoS Attacks on Banks?
Since the DDoS attacks on the financial industry began in mid-September of 2012, these cyber attacks (claimed by a group called the Izz ad-Din al-Qassam Cyber Fighters) have intended to disrupt consumer online banking services. The main consequence has been end-user frustration and a negative impact to the reputation of the attacked banks. At this point the banks targeted by the attacks claim that no accounts have been compromised, and customers do not need to take any special precautions.
However, while the consumers need not take any precautions, as the frequency and severity of attacks increases it is imperative that financial institutions enhance their cyber security. Dotcom-Monitor offers proactive external monitoring as part of a comprehensive cyber security portfolio. To learn more on this topic, see our post: External Website Monitoring Provides Early Cyber Attack Threat Warnings and check out Dotcom-Monitor VP, Brad Canham commenting on DOS attacks in a recent Forbes article, Website Outage Puts Schwab Customers in the Dark.
Dotcom-Monitor is continually tracking and reporting on banking cyber attacks and the resulting outages.
April 4th, 2013: Online Banking Outage: Wells Fargo down
October 24th, 2012: Bank Cyber Attacks: Responding to future DDoS attacks and website outages
September 27th, 2012: PNC Financial: After the Website Outage, next steps
September 26th, 2012: Update on U.S. Bancorp, PNC, Wells Fargo Outage: Reported Cyber Attack
