Major banks in the United States were once again targeted by alleged hacktivists with denial-of-service (DDoS) attacks last week.
The attack apparently caused some disruption at a handful of financial institutions.
While the group behind the attacks continue to pose as hacktivists, the longevity of the campaign – now entering its sixth month – has some security experts arguing that the attacks are a well-funded operation.
“They clearly have gotten more sophisticated over time,” Morales said. “They are doing their homework. A lot of the banks have reported that they seeing probing and smaller attacks before the larger attacks, so the attackers are taking into account what the banks are serving up and customising the attacks to take advantage of the banks’ defences.”
The QCF attacks started in September 2012, targeting banks allegedly in retaliation for the posting of a video to YouTube that offended many Muslims. US officials believe that Iran is carrying out or funding the attacks, according to a January report in The New York Times. The servers used in the attacks have also been used for criminal purposes, suggesting that the attackers are using criminal activities to fund the attacks or hiring time on criminal botnets to boost their capabilities.
The current attacks have targeted Bank of America, BB&T, CapitalOne, Citibank, Fifth Third Bancorp, JPMorgan Chase, PNC, UnionBank, and U.S. Bank, according to the QCF post.
The attacks are meant to be a nuisance to banks and cost them money, not take them offline, Arbor’s Morales said.
“This whole thing strikes me as a huge amount of saber rattling,” he said. “This is not about taking down the financials. If that was the case, they would not announce it.”
Defending against distributed denial-of-service (DDoS) attacks is not cheap. In a report released on 12 March, managed-security firm Solutionary estimated that organisations spend as much as $6,500 (4,348 pounds) an hour to recover from DDoS attacks – a number which does not include any lost revenue due to downtime.
The incidents do not seem like the work of hacktivists, who, in the past, attacked a company or site only long enough to gain attention and then moved on. The focus of the QCF group on repeatedly hitting the same targets for many months suggests other motivations, said Morales.
In its “State of the Internet” report for the third quarter of 2012, Internet security and content-delivery platform Akamai came to the same conclusion.
“While the attackers claimed to be hacktivists protesting a movie, the attack traffic seen by Akamai is inconsistent with this claim,” the company stated in the report. “The amount of attack traffic that was seen during these attacks was roughly 60 times larger than the greatest amount of traffic that Akamai had previously seen from other activist-related attacks. Additionally, this attack traffic was much more homogenous than we had experienced before, having a uniformity that was inconsistent with previous hacktivist attacks.”
Are you a security pro? Try our quiz!
Originally published on eWeek.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…