After distributed denial of service attacks disrupted Bank of America and JPMorgan Chase websites in late September the Financial Services Information Sharing and Analysis Center (FS-ISAC) industry group increased their cyber threat level metric from “elevated” to “high.” The attacks may be related to Islamic activists and reactions to a controversial film, or may be organized attacks to divert attention away from large wire transfers, which the FBI recently reported on.
On September 18 Bank of America’s website experienced DDoS attacks and as a result suffered several outages. Prior to this a member, under the name “cyber fighters” of the military wing of Hamas, posted a threat on Pastebin claiming that Muslim activists would attack both Bank of America and the New York Stock Exchange with distributed denial of service campaigns. The NYSE has yet to be affected by any attacks, but the day after Bank of America was targeted JPMorgan Chase was hit with DDoS attacks causing disruptions on their website as well.
A couple of days prior to the attack against Bank of America the FBI released a report warning that fraudsters may disrupt service to financial service companies’ websites, mainly through DDoS attacks, to keep the financial institutions from seeing and stopping fraudulent wire transfers. This is a highly organized fraud attack where many compromised accounts are on-hold to initiate large and fraudulent wire transfers to accounts operated by fraudsters or money mules, and these transfers are organized and timed with the DDoS attacks so the business is distracted and dealing with this decoy.
In response to threats from hactivists, the fraud alert from the FBI and the multiple DDoS attacks against major U.S. financial institutions, the Financial Services Information Sharing and Analysis Center sent an advisory to their many members stating they had increased their cyber threat level to “high.” FS-ISAC did not comment specifically on why they raised the threat level, and as of yet it can’t be proven if the DDoS attacks are associated with Islamic “cyber fighters” or unidentified person who posted the threats online. As described in the recent FBI reports, these DDOS attacks against Bank of America and Chase could be distractions for a series of fraudulent transfers from compromised accounts. But either way, amidst these attacks from organized hactivists or organized fraudsters, the cyber threat level has been raised.
For more information: