Attacks Resume on U.S. Banks

Capital One targeted; SunTrust and Regions Financial expect to be next.

Capital One Financial Corp. said it was the latest target in a new round of coordinated cyber attacks aimed at disrupting the websites of major U.S. banks, and SunTrust Banks Inc. and Regions Financial Corp. said they expect to be next.

Pam Girardo, a spokeswoman for McLean, Virginia-based Capital One, confirmed in an e-mail statement yesterday that the bank’s online systems were disrupted and later that most online services had been restored.

“At this point, we have no reason to believe that customer and account information is at risk,” she said in the earlier statement.

The computer assaults are a continuation of a campaign that began last month using commercial servers to overload bank websites with Internet traffic, temporarily disrupting and slowing online services for customers.

A group calling itself Izz ad-Din al-Quassam Cyber Fighters has claimed responsibility for the attacks in statements posted to the website, saying they are in response to a video uploaded to Google Inc.’s YouTube ridiculing the Prophet Muhammad and offending some Muslims.

The group gave notice that distributed denial-of-service, or DDoS, attacks would continue against Capital One, followed by SunTrust Oct. 10 and Regions Financial on Oct. 11.

The attacks reveal that some of the nation’s most advanced computer defenses are vulnerable to cyber attacks even if the targets know they’re coming.


Online Service

Evelyn Mitchell, a spokeswoman for Birmingham, Alabama-based Regions Financial, said in an e-mailed statement today that the bank knows about the warning.

“We are aware that the group claiming responsibility for these attacks has identified Regions as one of its targets,” she said. “We take online security seriously and are taking every measure to protect the company and our customers.”

Michael McCoy, spokesman for Atlanta-based SunTrust, said it’s reacting to the threat.

“We are aware of the threat and are working to mitigate any disruption to our clients should an attack occur, but we will decline to offer specifics,” McCoy said.

DDoS attacks, which are relatively common, harness networks of infected computers to bombard websites with traffic in an effort to slow or crash them. In the case of the banks, the attackers commandeered commercial servers, which were able to pump a larger volume of traffic at the sites, according to cybersecurity researchers.

Another unique aspect of the attacks is that they are using encrypted data to bypass the bank’s firewalls and other security devices, Carl Herberger, a vice president for the network security firm Radware Inc., said in a telephone interview.

“We haven’t seen this before, and now we see them every day during the past couple of weeks,” Herberger said, adding that his company is working with the banks to investigate the attacks. “It’s an advanced attack, and frankly a lot of the banks are just getting their heads around the architecture to mitigate these attacks.”

There’s no evidence the attacks have resulted in thefts of data or money, Herberger said from his company’s North American headquarters in New Jersey. He said he couldn’t rule out the possibility the attacks are inserting malware into bank networks to steal data or money later.


Complex Attacks

“The attacks are sophisticated,” William Nelson, president of the Financial Services Information Sharing and Analysis Center, said at a roundtable discussion in Washington today. “It is a challenge.”

“If you put up one defense, they have a workaround” and have the ability to change how they’re attacking, Nelson said. The attacks are “defendable,” he said, while declining to provide details of the attacks or discuss who may be responsible.

“It’s more complex,” Nelson said of the attacks. “It’s something we haven’t really seen before.”

Asked about the Internet posting about new banks targeted this week, Nelson said the banks “knew about it immediately so they can take action immediately.”

“They’re in contact, I can assure you, with the right people within government and other members,” he said.

The FS-ISAC was established in 1999 to disseminate cyber threat information to the financial-services industry. It works with the U.S. Treasury and Homeland Security departments, and its 4,200 members include large banks and credit-card companies.



Bloomberg News

Page 1 of 3

Copyright 2017 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.


Advertisement. Closing in 15 seconds.