Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions

  /     /     /  
Publicated : 22/11/2024   Category : security


Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions


Muslim hacktivists continue third wave of takedowns, submit invoice protesting Innocence of Muslims video that mocks founder of Islam.



Who Is Hacking U.S. Banks? 8 Facts (click image for larger view and for slideshow)
Wells Fargos website suffered disruptions Tuesday, after the al-Qassam Cyber Fighters hacktivist group vowed to continue its long-running campaign of U.S. banking website takedowns.
According to website downtime and outage reporting service
Sitedown.co
, over the past 24 hours, banking customers posted higher than normal numbers of downtime reports for Wells Fargo (232 reports) and Bank of America (46 reports). Some customers also reported difficulties accessing the websites of Chase, Capital One, Citibank and PNC Bank, and in some cases also the banks mobile banking sites.
Wells Fargo spokeswoman Bridget Braxton
confirmed Tuesday
that the banks website was being disrupted, but told Reuters that the vast majority of customers are not impacted and customer information remains safe. She also noted that the disruptions were intermittent, and recommended customers who couldnt access the Wells Fargo website keep trying.
[ U.S. banks arent the financial institutions under attack. Learn
How South Korean Bank Malware Spread
. ]
By the tally of the al-Qassam Cyber Fighters, which is a self-proclaimed group of
Muslim hacktivists
, this is now the fourth week in the third wave of its distributed denial-of-service (DDoS) attack campaign, which its dubbed
Operation Ababil
. During last week the below list of banks and/or financial services were being chosen as target: BB&T, PNC, Chase, Citibank, U.S. Bancorp, Suntrust, Fifth Third Bancor, Wells Fargo and some others, according to a statement posted Tuesday to Pastebin by the group,
announcing that the DDoS attacks
would be continuing.
The groups statement failed to identify its list of bank targets for the current week, but did include a mock invoice, which claims the current DDoS attack volume being unleashed is based on an equation the group has cooked up that estimates the approximate cost on U.S. banks per each DDoS minute to be $30,000, and charges them $100 for each view/like on YouTube of any copy of
Innocence of Muslims
. That video, which mocks the founder of Islam, was
first posted to YouTube in July 2012
, and has long been cited by al-Qassam Cyber Fighters as the reason for its attacks.
This week, according to the groups statement, the united states must still pay because of the insult, and promised to continue the banking website disruptions until all copies of the insulting movie (both trailer and full version) are removed.
The
first bank attacks
were launched in September 2012, followed by
another round
in late 2012. Earlier this month, meanwhile, the al-Qassam Cyber Fighters announced that theyd be
commencing a third wave of attacks
.
With each new wave of attacks, the scale and sophistication of disruptions has continued to increase. The third wave of attacks has matured in several meaningful ways, Dan Holden, director of security research at Arbor Networks, recently said via email. The size of the botnet has continued to grow, new techniques and toolkits are being developed and the attackers continue to focus further on the application level.
Those
tools and tactics
include the use of the
itsoknoproblembro toolkit
-- also known as Brobot -- that can achieve sustained floods of 70 Gbps and 30 million packets per second, as well as
compromising legitimate WordPress and PHP websites
and using them as staging grounds for launching DDoS attacks.
The attackers are beginning to use more sophisticated tactics as defensive capabilities improve and mitigation against the attacks continues to be successful, said Holden. We are seeing randomization capabilities in the attack tools for the first time during the approximately seven-month campaign. We expect these trends to continue as the campaign carries on.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Bank DDoS Attacks Resume: Wells Fargo Confirms Disruptions