Banks warned on high risk of cyber attacks
New York, September 20, 2012
A financial services industry group has warned banks, brokerages and insurers to be on heightened alert for cyber attacks after Bank of America and JPMorgan Chase experienced unexplained outages on their public websites.
The Financial Services Information Sharing and Analysis Center, which is widely known as FS-ISAC, raised the cyber threat level to "high" from "elevated" in an advisory to members, citing "recent credible intelligence regarding the potential" for cyber attacks as its reason for the move.
The problems with the websites at the two banks came after an unidentified person posted a statement on the Internet threatening to attack Bank of America and the New York Stock Exchange as a "first step" in a campaign against US companies. The posting said the attacks would continue until the film that had stirred up anti-US protests across the Middle East was "erased" from the Internet.
It was not possible to identify the person who posted the statement. Nor was it clear if the threat had anything to do with the issues at either of the two banks.
Dan Holden, director of security research at Arbor Networks, said that several US banks were under assault by a distributed denial of service (DDoS) campaign. He declined to identify them by name.
An outside security contractor who was familiar with the attacks said that they were "massive" in scope.
Denial-of-service attacks seek to disrupt websites and other computer systems at the targeted organization by overwhelming their networks with computer traffic.
The move by FS-ISAC came just two days the FBI published a "fraud alert" advising financial services firms that cyber criminals may be disrupting service to their websites in a bid to keep banks from noticing a recent surge in fraudulent large-sized wire transfers.
"Often these DDoS attacks are part of a more sophisticated blended threat - One that utilizes DDoS as a diversion for more complex, difficult to detect techniques with the intention to extract customer data or financial information," said Holden of Arbor Networks.
An FBI spokeswoman declined to say if the tactics cited in the fraud alert were related to the problems experienced by the two banks.
On Wednesday the consumer banking website of JPMorgan Chase & Co was intermittently unavailable to some customers. The problems followed issues with the website of Bank of America Corp on Tuesday amid threats on the Internet that a group was planning to launch cyber attacks on a US bank.
JPMorgan Chase spokesman Patrick Linehan said: "We're experiencing intermittent issues with Chase.com. We apologize for any inconvenience and are working to restore full connectivity."
A Bank of America spokesman reported no continuing problems on Wednesday. "Our online banking services have been, and are, up and running," Mark Pipitone said. "The vast majority of our customers have not experienced any issues."
The short advisory from the industry group urged banks and other industry members to "ensure constant diligence in monitoring and quick response to any malicious events." - Reuters