Cyberattacks Target Bank of America (NYSE: BAC), Citigroup (NYSE: C), Wells Fargo (NYSE: WFC), JPMorgan Chase (NYSE: JPM), and Others
In the new economy, perhaps cyberattacks are part of the new norm. These attacks, often aimed at bringing down a company’s website, their servers, or their communication networks, can wreak havoc and jeopardize sensitive client and corporate information. The most recent target for these attacks seem to be the nation’s largest banks, including Bank of America (NYSE: BAC), Wells Fargo (NYSE: WFC), JPMorgan Chase (NYSE: JPM), and Citigroup (NYSE: C).
In the past week, each of the firms noted have suffered day long slowdowns, and at times were unreachable for many customers. The attackers went after the Charlotte based Bank of America first, and sequentially went after the other banks thereafter. Security experts say that the outages reflect one of the biggest cyber attacks that they have ever seen. Hackers are nothing new for banks to deal with – in fact, research suggests that banks get hit by cyber attackers all the time, and have some of the best defenses against them. This time though, it appears they were outgunned.
Dmitri Alperovitch, co-founder of Crowd Strike, a security firm that has been investigating the attacks, noted “The volume of traffic sent to these sites is frankly unprecedented. It’s 10 to 20 times the volume that we normally see, and twice the previous record for a denial of service attack.” To carry out the cyberattacks, the attackers got hold of thousands of high-powered application servers and pointed them all at the targeted banks. The volume of requests overwhelms the banks servers, making their services inaccessible to their customers.
Denial of service attacks are an effective but unsophisticated tool that doesn’t involve any actual hacking. No data was stolen from the banks, and their transactional systems — like their ATM networks — remained unaffected. The aim of the attacks was simply to temporarily knock down the banks’ public-facing websites. The Islamist group Izz ad-Din al-Qassam Cyber Fighters publicly claimed responsibility for the attacks in what it called “Operation Ababil,” but researchers are divided about how seriously to take their claims. The group has launched attacks in the past, but those have been far less coordinated than the recent batch. CrowdStrike’s Alperovitch said he is “quite confident” the perpetrator was the Izz ad-Din al-Qassam Cyber Fighters, since they announced each attack well before it was carried out, and the attack wasn’t that sophisticated — it just took significant planning. PNC was the last target on the lists the Cyber Fighters have circulated, but more attacks could still be coming.
The most recent attack did not jeopardize client data, but was more of an inconvenience as customers were not able to access the firm’s web services and data networks. The outages resulted in a nuissance, but may be part of a broader plan, which requires banks and companies around the world to remain vigilant on data protection.