Shortly after Anonymous hackers attacked several Israeli government websites in early April, an Israeli hacker broke into Anonymous' Operation Israeli website. Within hours, he had replaced all the anti-Israel messages with a recording of Israel's national anthem.
"When I read that, I thought, 'All right!'" says Avivah Litan, vice president and distinguished analyst at Gartner.
Such chutzpah is rare among cyberattack victims.
Banks that have been hit since September with several waves of distributed denial of service attacks, in which protestors flood a bank's web servers with requests to slow and disable the machines, have taken a defensive posture. This is appropriate, as the enemy is still not fully known. The Izz ad-Din al-Qassam Cyber Fighters Group has claimed responsibility for the attacks. This Muslim group says it's going after U.S. banks because it wants YouTube to remove a video called Innocence of Muslims from its site. It has announced each attack beforehand, more or less accurately. Yet many observers believe that the scale and sophistication of the attacks indicate a nation-state, possibly Iran, is behind them.
The threat is being taken seriously by more banks. In a poll American Banker conducted at the end of March, editors asked, "Do cyberattacks pose a grave threat to banks?" More than half (51%) agreed that yes, the bad guys could cause the financial system to seize up. About 40% felt it depends — banks that make serious commitments can protect themselves. Only 9% said no, that the threat is overblown and more a costly nuisance than a serious danger.
ANATOMY OF A DDOS ATTACK
There are two types of distributed denial of service attacks, according to Lawrence Orans, research director at Gartner. The first, a volumetric attack, fills the target's bandwidth pipe with junk — or fake requests — in an attempt to knock out its servers. The cybercriminals create malware that harnesses a large number of computers into a botnet and directs traffic from the servers to a target location, such as an online banking login page. Another target might be an annual report on the bank's website available for download. "If you launch thousands of PCs within a few seconds to download that PDF, that's going to cause a DDoS attack," Orans says.
The second type of DDoS attack goes after applications. The attackers send an application server commands that max out the server's CPU or memory, either of which could cause the application to fail and to deny service to legitimate users. This is also called resource starvation.
"An example would be 'search *.*'; that would put a big hit on the CPU and on memory," says Orans.
At least a dozen banks have been subject to DDoS attacks in the past seven months, and most of them have been among the largest, such as Wells Fargo and JPMorgan Chase. More recent targets have included Regions Bank, TD Bank, BB&T and American Express.
So smaller banks can't sit back and relax. "Regional banks are next in line to be targeted and some are being targeted now," notes Alphonse Pascual, senior analyst of security, risk and fraud at Javelin Strategy & Research.
Since September, the DDoS attacks on banks have been getting deeper and more sophisticated. In the early days, the banks were receiving excessive traffic on their website home pages. Then the attackers got more specific, drilling down to find, say, a specific file that could be downloaded from Wells Fargo's customer service page, and issuing millions of requests to download that file. "It's not a rocket science attack but it's targeted toward different parts of banks' websites," says Litan. "Banks generally go through the same network providers, so [the attackers] want to overwhelm the carriers so they can't filter out the traffic."
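From the defender's side, the single-file download flood Orans and Litan describe stands out in web access logs as one path that dominates traffic while the requests are spread across many sources. The sketch below is an added example, not from the article or any bank's tooling; the log records, the PDF path, and all thresholds are constructed assumptions.

```python
from collections import defaultdict

PDF = "/docs/annual-report.pdf"          # hypothetical path for the example
PAGES = ["/", "/login", "/rates", "/contact"]

def build_sample():
    """Constructed (epoch_second, client_ip, path) records standing in for parsed access logs."""
    events = []
    for t in range(120):                 # background browsing, 2 requests per second
        events.append((t, f"198.51.100.{t % 20}", PAGES[t % 4]))
        events.append((t, f"198.51.100.{(t + 7) % 20}", PAGES[(t + 1) % 4]))
    for i in range(150):                 # one noisy client re-fetching the PDF (not distributed)
        events.append((20 + i % 10, "198.51.100.77", PDF))
    for i in range(600):                 # many sources requesting the same file within 20 seconds
        events.append((60 + i % 20, f"203.0.113.{i % 200}", PDF))
    return events

def detect_floods(events, window=10, min_requests=100, min_clients=50, min_share=0.5):
    """Flag (window, path) pairs where one path dominates traffic and the load comes from many sources."""
    hits = defaultdict(lambda: defaultdict(list))   # window_start -> path -> [client_ip, ...]
    for ts, ip, path in events:
        hits[ts - ts % window][path].append(ip)
    alerts = []
    for start in sorted(hits):
        total = sum(len(ips) for ips in hits[start].values())
        for path, ips in sorted(hits[start].items()):
            clients = len(set(ips))
            # Thresholds are illustrative assumptions; tune them against a real traffic baseline.
            if (len(ips) >= min_requests and clients >= min_clients
                    and len(ips) / total >= min_share):
                alerts.append({"window_start": start, "path": path,
                               "requests": len(ips), "clients": clients})
    return alerts

if __name__ == "__main__":
    for alert in detect_floods(build_sample()):
        print(alert)
```

The single noisy client in the sample is deliberately left unflagged: it is a per-client rate-limiting case, while the distinct-source count is what marks the distributed pattern.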






































