Cyberattacks on banking websites subside -- for now

Prolexic, which says it protects the top financial institutions, says the attackers have done their homework

The wave of cyberattacks against a half-dozen U.S. financial institutions has subsided this week, but the recent demonstration of force shows a careful honing of destructive techniques that could continue to cause headaches.

The attacks against Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking.

But customer-facing websites are just a small part of very complicated banking systems consisting of sometimes thousands of back-end applications that are being prodded by attackers, said Scott Hammack, CEO of Prolexic, a company based in Hollywood, Florida, which specializes in defending against distributed denial-of-service (DDOS) attacks.

The attackers "have absolutely done their homework on these large companies," Hammack said. "They've found many, many weak spots, and their attacks are very focused on those weak links."

Prolexic is in a unique position to observe the attacks. The financial institutions victimized by the attacks last week are its customers, although confidentiality agreements with the banks prevent Prolexic from directly naming the companies, said Prolexic's president, Stuart Scholly.

The attacks have consumed up to 70Gbps of bandwidth, well beyond the 1Gbps to 10Gbps circuits that large companies tend to rent, Scholly said.

"There are very few companies that can afford to buy that kind of bandwidth," Scholly said.

Within a few minutes of the start of an attack, DNS (Domain Name System) or BGP (Border Gateway Protocol) routing changes are used to direct malicious traffic through Prolexic's data centers in London; Hong Kong; San Jose, California; and Ashburn, Virginia. The bad traffic is scrubbed, while non-attack traffic is passed along to customers.

As exhibited by last week's problems, it doesn't mean in every case that a site's hiccups are immediately cured. The hackers are using between six and eight different types of attacks originating from small armies of compromised computers. Those botnets are often in the U.S. and China, which are countries with large numbers of computers without up-to-date patches, making those machines vulnerable to hackers to install DDOS toolkits.

Prolexic called out one of those toolkits, called "itsoknoproblembro," in a recent statement, but declined to say if that toolkit was used in last week's attacks.

The hackers are taking steps to make each attacking computer within those botnets look different. Prolexic tries to identify an attacking computer by its "signature," or a set of characteristics that make it look unique. But if those parameters vary over time, it's more difficult to block an attack.

The vast range of IP addresses used by banks also makes defense more difficult, as hackers try different attack techniques against applications and ports, testing for latency, or how long it takes the bank's systems to respond.

"It's not like protecting mom and pop's ABC hardware store with a single IP [address] and a couple of ports," Hammack said.

Prolexic executives won't speculate on the motivation for the attacks or what group may be responsible, but Hammack said he is "frustrated when people say this is a dumb attack by some kid in an apartment in Brooklyn."

Send news tips and comments to

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts