Threat Management, Incident Response, TDR

“High” threat alert issued in midst of bank site incidents

In the wake of issues affecting Bank of America and JPMorgan Chase's websites, the Financial Services Information Sharing and Analysis Center (FS-ISAC) raised the financial industry's cyber threat level to “high.”

The threat level moved from “elevated” to “high” on Wednesday, the same day news broke that Chase's website was down intermittently – and only a day after Bank of America customers experienced problems accessing its site.

On the FS-ISAC website, the organization said the high threat level was related to “recent credible intelligence regarding the potential for DDoS and other cyber attacks against financial institutions.”

A hacktivist group called “Cyber fighters of Izz ad-din Al qassam” claimed responsibility for attacks on “properties of American-Zionist capitalists” launched Tuesday, specifically mentioning Bank of America and the New York Stock Exchange (NYSE) as targets.

“This attack will continue till the erasing of that nasty movie,” warned the message posted on Pastebin. On Wednesday, the group posted another message, taking credit for site issues affecting Chase.

The movie the group made reference to is believed to be the anti-Muslim film “Innocence of Muslims,” which has incited protests among Muslims around the world.

The hacktivists' claim on NYSE attacks has yet to be confirmed by the stock exchange.

The Internet Crime Complaint Center (IC3) issued its own alert on fraudulent activity in the financial industry on Monday.

Distributed denial-of-service (DDoS) attacks were listed among cases reported to the Federal Bureau of Investigation, which partnered with the National White Collar Crime Center to establish IC3.

“In some of the incidents, before and after unauthorized transactions occurred, the bank or credit union suffered a distributed denial-of-service (DDoS) attack against their public website,” the posting said. “The DDoS attacks were likely used as a distraction for bank personnel to prevent them from immediately identifying a fraudulent transaction, which in most cases is necessary to stop the wire transfer.”

Dirt Jumper, a commercial crimeware kit that can launch sophisticated DDoS attacks, was named by IC3 as one tool used to commit fraudulent activity.

Chase and Bank of America have not confirmed whether DDoS attacks were behind the sporadic website issues this past week, though a Bank of America spokesman told on Wednesday that its online banking services “have been, and continue to be, up and running.”

When asked about the cause of website issues affecting Chase this week, Patrick Linehan, a spokesman for the company, told in an email on Friday that the bank was "back to business as usual."

"Some customers had trouble logging onto the site earlier this week," he added.

While DDoS was a potential attack method, other possibilities couldn't be ruled out, Rob Kraus, director of research for Solutionary's Security Engineering Research Team (SERT), told on Friday.

"There's a lot of speculation based on what's going on," Kraus said. "There's also theories that other hacktivist groups may have done this."

The players could be different or the suspected players may not even be to blame, he said. 

Within the last year, however, Kraus has noted an increase in criminals using DDoS attacks to mask criminal activity, such as online banking fraud. 

"An ACH [Automated Clearing House] or wire transfer will be initiated with compromised credentials, like user login details, and at an opportunistic time [attackers] will start DDoS attacks to take the attention off of the fraud," Kraus said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.