OCC Warns of U.S. Bank DDoS Attacks, Account Fraud
A recent alert noted that DDoS attacks can be used to create a distraction while fraud or theft is being perpetrated.
The U.S. Office of the Comptroller of the Currency (OCC) has published an alert regarding the series of DDoS attacks that various groups have recently been launched against U.S. banks.
"Each of the groups had different objectives for conducting these attacks ranging from garnering public attention to diverting bank resources while simultaneous online attacks were under way and intended to enable fraud or steal proprietary information," the alert states.
"The bulletin recommends that banks maintain a 'heightened sense of awareness regarding these attacks' and ensure they are prepared to deal with them," writes SC Magazine's Dan Kaplan. "That includes appropriating staff and third-party contractors to help thwart the attacks; implementing an incident response plan across various departments; and sharing information among affected organizations."
"Banks are currently being hit with DDoS attacks as part of a second phase of campaigns waged by the hacktivist group Izz ad-Din al-Qassam Cyber Fighters," notes BankInfoSecurity's Tracy Kitten. "In a Dec. 18 posting on Pastebin, the group warned attacks would persist until a YouTube movie trailer, deemed offensive to Muslims, is removed."
"This is definitely a threat to the day to day workings of our financial systems," Gartner analyst Avivah Litan wrote in a recent blog post. "Thankfully there are lots of backup routes into a bank, e.g. branch, ATM machine, call center. But many users and customers depend on the internet and it’s very disruptive to business when it’s down. In the meantime, add DDoS attacks to the checklist of things to worry about when trying to prevent fraud."