14 DAY TRIAL // Izz ad-Din al-Qassam Cyber Fighters are determined to continue their campaign until their demands are met. However, despite the fact that they've been targeting a larger number of financial institutions in the second phase of their operations, the attacks don't seem to be as disruptive as the ones from the first phase.
Avivah Litan of Gartner told BankInfo Security that most of the IT teams employed by banks have made considerable adjustments to ensure that their systems have a better chance at handling the attacks.
“These adjustments are definitely helping for now. The fraud teams are also tightening defenses, so more is automated and independent of staff attention, which is diverted during these attacks,” she explained.
The Office of the Comptroller of the Currency (OCC) – the body which regulates the activities of banks in the US – has issued an alert to warn financial institutions about the dangers posed by the recent wave of distributed denial-of-service (DDOS) attacks.
The OCC reinforces the fact that there are two attack groups: the politically motivated hackers and those who leverage these DDOS attacks to commit fraud.
“Recently, various sophisticated groups launched distributed denial of service (DDoS) attacks directed at national banks and federal savings associations (collectively, banks),” the alert reads.
“Each of the groups had different objectives for conducting these attacks ranging from garnering public attention to diverting bank resources while simultaneous online attacks were under way and intended to enable fraud or steal proprietary information.”
The agency highlights the fact that banks should have “risk management programs to identify and appropriately consider new and evolving threats to online accounts and to adjust their customer authentication, layered security, and other controls as appropriate in response to changing levels of risk.”
On the other hand, Litan explains that many banks don't spend as much as they should on security.
The fact that the OCC has become involved is a good thing because they might step up their enforcement of FFIEC guidance on information security to force all banks to take the proper steps in protecting their infrastructures.