Bank of America Alleged Cyber Attack Shows Need For Cooperation

The Charlotte-based bank reported no major issues with its website a day after a group protesting an anti-Islam film took credit for the attacks.

The purported cyber attacks against Bank of America's website Tuesday appear to have been contained, but highlight the ever-present need for information sharing and cooperation between financial institutions regarding security threats.

Shirley Inscoe, senior analyst with Boston-based Aite Group, notes that cross-industry meetings to discuss threats such as this most recent one are invaluable when combating cyberterrorism.

"Large banks do have industry meetings where they share information and strategies," she says, also noting the collaborative work done by industry groups such as BITS, the technology division of The Financial Services Roundtable, and the Financial Services Information Sharing and Analysis Center (FS-ISAC).

The bank's website experienced periodic outages yesterday, with Reuters reporting that customers contacted in New York, Georgia, Ohio and Michigan said they could not access the website.

A group protesting an anti-Islam film allegedly took credit for the attacks, which also targeted the New York Stock Exchange.

A message posted in a forum allegedly authored by "Cyber fighters of Izz ad-din Al qassam," a reference to the military wing of Hamas, foretold the attacks, blaming the United States and the "Zionist Regime" for the production of the film.

According to Bank of America, the website is functioning normally a day after the alleged attacks.

"Our online banking services have been, and are up and running," said Mark Pipitone, a Bank of America spokesman. "The vast majority of our customers did not experience any issues yesterday."

Regarding whether the outages were due to a cyber attack, Pipitone responded, "I can assure you that our customer and client information, our online banking platform and the related systems remain safe and secure."

Inscoe notes that Bank of America was helped by the fact that "the group publicized they were doing this." She adds that big banks, and Bank of America in particular, are not strangers to these kinds of attacks.

"Especially when it is threats coming from outside of our borders, just their name alone makes them a target," she says. "Their name seems to symbolize the U.S. financial system."

Oded Comay, CTO of network access control provider ForeScout Technologies, added, "The more visible or attractive the entity, the more likely the target. The successful attacks themselves serve as a wake-up call for IT security professionals to remain vigilant. Modern hacking groups are motivated, organized and intelligent, leveraging known and new vulnerabilities and different attack vectors, which can change dynamically in order to make the attacks very hard to detect and even harder to preempt."

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ...
