Since 19 September 2012, major banks in the US were hit with several cyber attacks (Goldman, 2012). Observers referred to those attacks as the biggest in the history of cyber attacks on banks. Consequently, the attacks affected many banks’ customers. There were coordinated Denial-of-Service (DoS) attacks that resulted in daylong slowdowns of Web sites of Bank of America, JP Morgan Chase, Wells Fargo, and US Bank. In addition, PNC Bank’s Web site remained inaccessible to customers for several hours.
Cyber security experts believed that the recent spate of cyber attacks originated from Iran (Jim and Rick, 2012). The coordinated DoS attacks appeared to be acts of terrorism and cyber campaign against the US. Expert linked those attacks to Islamist radicals and military wing of Hamas, Izz ad-Din al-Qassam Cyber Fighters. Although the Islamist group had attacked before, recent attacks were highly coordinated and targeted several financial institutions. Hackers claimed that attacks, termed as Operation Ababil, would continue until the controversial film, Innocence of Muslims was removed from the Internet (Rothman, 2012).
These attacks were coordinated Denial-of-Service (DoS). In DoS attacks, hackers direct considerably huge amount of network traffic to a target Web site, which results into a crash. The most prevalent form of DoS attack is the ‘botnets’ or networks of infected computers (Robertson, 2013). Attackers target the database with heavy applications. Moreover, attackers may rely on a single computer to increase searches and crash the Web site. In some instances, coordinated DoS attacks may entail manipulation of the Web site domain name application to enhance the frequency of attacks on the target Web site.
Financial institutions have a tendency of limited disclosure in case of any attacks. While many large US banks acknowledge attacks in their reporting systems, they do not disclose any theft of customers’ data or material losses related to cyber attacks. Cyber security analysts believe that such attacks go beyond damages on the Web sites and could have deep financial implications (Robertson, 2013). According to Robertson (2013), these major banks do not provide detailed information on DoS attacks, data theft, and financial losses as specified by regulators. In fact, these financial institutions consider DoS attacks as material risks. In some instances, bank officials refuse to comment while others admit mild outages without financial losses and customers’ data theft. Wells Fargo claimed that the DoS attacks tested the US banks and cyber attacks could be more sophisticated in the future. Still, JPMorgan Chase noted that DoS attacks were highly sophisticated and resourced. In addition, many banks do not disclose their cyber security expenses.
There is no shortage of cyber security software in the market to detect and prevent network breaches. However, technology on its own may not solve all forms of attacks. Banks require enough employees with technical knowledge on cyber attacks within different units of their businesses to fight cyber attacks.
DoS attacks are traditional forms of cyber attacks and might not need highly trained cyber security experts compared to other advanced and destructive attacks related to Stuxnet. However, DoS attacks are highly disruptive. For instance, repeated attacks and shut downs may hurt banks’ image, affect customer retention, customer acquisition, revenue growths, and profitability.
Overall, banks require network protections against DoS attacks that go beyond regular services provided by vendors. Moreover, banks need to invest in staff training to allow them to detect any suspicious activities.
References
Goldman, D. (2012). Major banks hit with biggest cyber attacks in history. Web.
Jim, F., and Rick, R. (2012). Exclusive: Iranian hackers target Bank of America, JPMorgan, Citi. Web.
Robertson, J. (2013). Cheapest Way to Rob Bank Seen in Cyber Attack Like Hustle. Web.
Rothman, P. (2012). Cyber terror rages in the banking sector. Web.