The latest waves of cyber attacks against U.S. banks – like the one that stalled Wells Fargo’s website for part of Tuesday afternoon – appear to be growing larger and more sophisticated, industry experts say.
The “denial of service” attacks, which flood a bank’s website with traffic to lock out legitimate customers, now tend to target more banks over the course of a day or week. They also may change their tactics hour by hour, making it harder for banks to get their sites back up.
Banks have said little publicly about the attacks, beyond assuring customers that their data is safe. But companies that specialize in bank security say banks are investing more heavily in systems aimed at preventing them.
“This is the longest cyber attack on an industry sector that we’ve ever experienced on the face of the earth,” said Carl Herberger, vice president of security solutions at Radware, which works with banks and other companies on security.
“No longer are these attacks being shrugged off by any of the commercial banks. People understand it’s really serious.”
Charlotte-based Bank of America has disclosed in regulatory filings that it’s been the victim of cyber attacks, and its website has periodically malfunctioned during times when the attacks were frequent.
Before this week, Wells had been the victim of apparent attacks in September and December, according to news accounts. Asked about Tuesday’s website slowdown, a Wells spokesman said the bank believes it experienced a denial of service attack, and that customer information is safe.
Winston-Salem’s BB&T has also said it’s been subject to denial of service attacks. PNC Bank, JPMorgan Chase, Citigroup, Regions and SunTrust have also been targeted, according to Bank Info Security, a trade publication that tracks the issue.
The attacks against U.S. banks have come in periodic waves since September, when a group calling itself the Izz ad-Din al-Qassam Cyber Fighters first threatened cyber attacks.
During each wave, the group has posted a weekly list of the banks it claims to have targeted the week before.
Their messages describe the group as a militant Islamic organization and claim the attacks are a response to an online video mocking the Prophet Muhammad.
Security analysts say it’s nearly impossible to determine where the attacks come from, but they say they appear to have a large organization behind them. Some officials, including U.S. Sen. Joe Lieberman of Connecticut, have pointed to nations like Iran as a possible source of the attacks.
Said Herberger: “Clearly these aren’t just two kids sitting in a basement pecking away all day. This is the big boy league.”
Marty Meyer, president of attack-prevention company Corero Network Security, called 2013 the “watershed year” for bank investment in security projects.
“This is just the point in time where there’s been enough critical mass of these attacks where people know about it,” Meyer said.
In nearly every case, the banks have said that no personal information was compromised. The Office of the Comptroller of the Currency warned banks in December, however, that the attacks could be used to distract information security staff while attempting to get access to consumer accounts.
The regulator directed banks to review their security strategies and to share information with each other.
Wells Fargo customers also reported Wednesday morning that their debit cards were not working. The bank said the issue was unrelated to the website slowdowns. Spokesman Josh Dunn said the debit card problems were due to a Visa technical glitch that was fixed by midday.
Dunn: 704-358-5235 Twitter: @andrew_dunn