2013’s Top Security Pain Points: Mobile, APTs, Third-Party Apps In the days after the election, I saw a headline from The Onion making the social media rounds that read, “Nation Horrified To Learn About War In Afghanistan While Reading Up On Petraeus Sex Scandal.” There are three points made in that headline. First, America loves […]
2013’s Top Security Pain Points: Mobile, APTs, Third-Party Apps
In the days after the election, I saw a headline from The Onion making the social media rounds that read, “Nation Horrified To Learn About War In Afghanistan While Reading Up On Petraeus Sex Scandal.”
There are three points made in that headline. First, America loves its sex scandals and meaty gossip about people they’ll never actually know — a lot. Second, the media have done a really horrible job covering the war in Afghanistan. Third, we tend to forget about important things if they aren’t making headlines every day. It is the third point that I want to focus on here.
There is a lot of truth to the old saying “Out of sight, out of mind.” The war is a great example, but so is network security. I’m stunned at times at what a short memory people have when it comes to security issues. I’ve spoken to countless people who have shrugged off breaches and malware infections because if no one is talking about those breaches anymore, then, in their minds, it must all be fixed.
The DDoS attacks on the banking industry fit into that category. When they first began earlier this year, the attacks were major headlines in both mainstream media and in security media circles. When the second round happened, there was a little bit of discussion, but you had to know where to look to find it. The attacks are now out of sight, out of mind, but like the war in Afghanistan, DDoS attacks against the banking industry haven’t gone away just because they aren’t front-page news. Take this lead paragraph from Bank Info Security, for instance:
Online outages affecting leading U.S. banking institutions continued Dec. 12, but only U.S. Bancorp. confirmed that its site issues were linked to a distributed-denial-of-service attack.
Did you know there were outages this week? (I wondered, actually, because I was trying to log into a major bank site and had no luck. My first reaction was a likely DDoS attack.)
Stephen Gates, technology evangelist, Corero Network Security, told me in an email:
This new wave of attacks just picks up right where they left off. These hacktivists are showing no signs of backing down and — by publicly declaring their targets — are apparently becoming more emboldened. Couple this open display with the ever-evolving nature of this type of attack, from high volume flood assaults to intricate application layer attacks, and these financial institutions MUST up their game. In the wake of this declaration, many of the banks named by the Izz ad-Din al-Qassam Cyber Fighters took to social media to warn their customers about these potential attacks; a sure sign that these hacktivists are beginning to hit a nerve.
Thing is, even when the attacks against the banks were initially announced earlier this year, it was still old news, according to Sean Bodmer, chief researcher at CounterTack, who told me:
Coordinated campaigns targeting financial services organizations are not novel, and have been in play since well before 2010. Banks have been targeted for years, by carders and crimeware operators alike. Almost every black-market forum has a Web-inject that will steal user credentials from top financial services organizations. It’s old news, really. What’s new and most interesting is the mass profit sharing model being trumpeted – it’s very unique at a broad level of operation. Cybercriminal operations and black-market sales have commercially leveraged sales options, such as suggestion/comment forums, service level agreements, an d guaranteed response times. Not to be forgotten are bulk sales discounts of criminal tools, money transfers, product demonstrations, product evaluation periods, and now we’re seeing profit sharing… It would seem that the criminal underground is maturing at a much faster pace than world governments believe.
So be prepared, because the DDoS attacks against the banks likely won’t stop with the attacks of this week. Just because we don’t hear about it happening doesn’t mean the problem has gone away. Banks — and everyone — need to stay alert for old-style attacks continuing, not just for new attacks to begin.
Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.
The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.
Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.
