Call for new cyber laws after major U.S. banks knocked offline for 249 hours in six weeks

A seven-month cyber assault on the websites of American banks has led to new calls for security legislation to prevent such attacks.

According to a report by NBC News, the websites of 15 major U.S. banks have been offline for a total of 249 hours in the past six weeks, due to a series of sustained DDoS (Distributed Denial of Service) attacks.

Representative Mike Rogers, Chairman of the Permanent Select Committee on Intelligence, said that Congress needs to act quickly, calling for legislation to allow government and companies to share information to defend against such attacks. He made the remarks in an interview with NBC this week.

Customer accounts have not been put at risk by this particular bank cybercrime – although the sustained attacks have meant it has been impossible to access online functions. The DDoS attacks have repeatedly knocked banks offline, sometimes for hours, despite the best efforts of security teams.

The attacks began seven months ago. Banks such as Wells Fargo and Bank of America were attacked in September 2012, by a group calling itself Izz ad-Din al-Qassam Cyber Fighters. The attacks have continued since then.

After one recent attack on March 14, Avivah Litan, a bank security analyst with Gartner Group, said: “Interestingly, the attackers could have easily done even more damage but they chose not to. 9,200 bots were identified as attack-capable but the total number of bots actually involved in sending the DDoS traffic to the banks numbered only about 3,200. The other 6,000 bots sat there doing nothing.”

“Literally, these banks are just in war rooms, sitting at controls trying to stop this,” said Litan. “The frightening thing is they [the attackers] are not using as much resources as they have on call. The attacks could be bigger.”

Earlier this year, ESET researchers published evidence that malware was evolving to defeat anti-DDoS measures such as Cloudflare. This research can be found here.

Author , We Live Security

  • Wade Stubblefield

    Wow, why is it so easy to marshal an online force thousands of times bigger than security systems can handle? Why are these DDoS attacks so easy to use? They should be old enough news to simply disappear, but this sadly is not the case.

    • Stephen Cobb

      Good question Wade, and a hard one to answer precisely because there are different types of DDoS attacks. However, a couple of factors to bear in mind:

      1. Asymmetric nature of some network communications. For example, in some cases it is possible to open a connection using a faked IP address, then change the IP address and open another connection, even as the system that you are connecting to is waiting for the first address to respond. This asymmetry amplifies the power of a single attacker relative to the target.

      2. State sponsored or “allowed” attacks can marshal large amounts of bandwidth, more than some commercial targets can handle.

      On the positive side, DDoS mitigation is often effective, meaning that the denial achieved by the attacker is limited.
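
The waiting state described in point 1 of the reply above is something a defender can measure: connections that were opened but never answered pile up while ordinary clients finish their handshakes quickly. The following is an added example, not part of the original article or comments; the event format, the function names and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import namedtuple

Event = namedtuple("Event", "t src kind")  # kind: "SYN" (open) or "ACK" (completed)

def build_sample(unanswered=40):
    """Constructed events, not real traffic; addresses are documentation ranges."""
    events = []
    for i in range(10):  # ordinary clients complete the handshake within 50 ms
        src = f"198.51.100.{i + 1}"
        events += [Event(float(i), src, "SYN"), Event(i + 0.05, src, "ACK")]
    for i in range(unanswered):  # opens whose claimed source never replies
        events.append(Event(5.0 + i * 0.01, f"203.0.113.{i + 1}", "SYN"))
    return sorted(events)

def half_open_stats(events, timeout=3.0):
    """Count handshakes completed versus left waiting longer than `timeout` seconds."""
    pending, completed, abandoned = {}, 0, 0
    for ev in events:  # events must be ordered by time
        if ev.kind == "SYN":
            pending[ev.src] = ev.t
        elif ev.kind == "ACK" and ev.src in pending:
            if ev.t - pending.pop(ev.src) <= timeout:
                completed += 1
            else:
                abandoned += 1
    end = events[-1].t if events else 0.0
    # Anything still pending past the timeout at the end of the log was never answered.
    abandoned += sum(1 for t in pending.values() if end - t > timeout)
    total = completed + abandoned
    return {"completed": completed, "abandoned": abandoned,
            "ratio": abandoned / total if total else 0.0}

def looks_like_flood(stats, min_abandoned=20, min_ratio=0.5):
    """Assumed thresholds: many abandoned handshakes AND they dominate the total."""
    return stats["abandoned"] >= min_abandoned and stats["ratio"] >= min_ratio

if __name__ == "__main__":
    stats = half_open_stats(build_sample())
    print(stats, looks_like_flood(stats))
```
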

Copyright © 2017 ESET, All Rights Reserved.