Bank group warns of heightened risk of cyber attacks

(Reuters) – A financial services industry group warned US banks, brokerages and insurers on Wednesday to be on heightened alert for cyber attacks after Bank of America and JPMorgan Chase experienced unexplained outages on their public websites.

The Financial Services Information Sharing and Analysis Center, which is widely known as FS-ISAC, raised the cyber threat level to “high” from “elevated” in an advisory to members, citing “recent credible intelligence regarding the potential” for cyber attacks as its reason for the move.

The problems with the websites at the two banks came after an unidentified person posted a statement on the Internet threatening to attack Bank of America and the New York Stock Exchange as a “first step” in a campaign against US companies. The posting said the attacks would continue until the film that had stirred up anti-US protests across the Middle East was “erased” from the Internet.

It was not possible to identify the person who posted the statement. Nor was it clear if the threat had anything to do with the issues at either of the two banks.

Dan Holden, director of security research at Arbor Networks, said that several US banks were under assault by a distributed denial of service (DDoS) campaign. He declined to identify them by name.

An outside security contractor who was familiar with the attacks said that they were “massive” in scope.

Denial-of-service attacks seek to disrupt websites and other computer systems at the targeted organization by overwhelming their networks with computer traffic.

The move by FS-ISAC came just two days the FBI published a “fraud alert” advising financial services firms that cyber criminals may be disrupting service to their websites in a bid to keep banks from noticing a recent surge in fraudulent large-sized wire transfers.
“Often these DDoS attacks are part of a more sophisticated blended threat – One that utilizes DDoS as a diversion for more complex, difficult to detect techniques with the intention to extract customer data or financial information,” said Holden of Arbor Networks.

An FBI spokeswoman declined to say if the tactics cited in the fraud alert were related to the problems experienced by the two banks.

Yesterday the consumer banking website of JPMorgan Chase & Co was intermittently unavailable to some customers. The problems followed issues with the website of Bank of America Corp on Tuesday amid threats on the Internet that a group was planning to launch cyber attacks on a U.S. bank.

JPMorgan Chase spokesman Patrick Linehan said: “We’re experiencing intermittent issues with Chase.com. We apologize for any inconvenience and are working to restore full connectivity.”
A Bank of America spokesman reported no continuing problems yesterday. “Our online banking services have been, and are, up and running,” Mark Pipitone said. “The vast majority of our customers have not experienced any issues.”