Cyberattack Warning Throws US Banks' Security Into High Gear
Sep 21, 2012 7:00 AM PT
Citing recent threats of cyberattacks, the Financial Services Information Sharing and Analysis Center, an industry body set up by the financial services industry, has raised its cyberthreat level from "elevated" to "high."
It points to credible intelligence indicating the potential for distributed denial of service and other cyberattacks against financial institutions.
FS-ISAC also cites a zero-day vulnerability in Microsoft's Internet Explorer browser.
The warning follows the publication on the Internet of threats against Bank of America and the New York Stock Exchange.
BofA's site has been intermittently disrupted, followed by that of JPMorgan Chase, although it's not yet clear whether the problems at both sites are related.
Threats and Alarms
The threat against BofA and the NYSE was posted on the Internet on Tuesday. The poster used the handle "Cyber fighters of Izz ad-din Al Qassam."
The threat tied the attacks to an anti-Muslim movie made by a convicted criminal living in the United States who's of Middle Eastern origin. It said the attacks against American and Zionist websites would continue until apologies for the making of the movie are made.
The repercussions from the anti-Muslim movie are being felt around the world. There have been riots in Muslim countries from Afghanistan to Tunisia.
Are Banks Safe?
BofA spokesperson Mark Pipitone said the bank's websites "were never down" despite reports of intermittent service.
The bank "had period of slowness but there was never an outage," Pipitone told TechNewsWorld. "Our systems were up and running and we were serving customers and clients through all our channels. The vast majority of our clients and customers were served through all our channels this week."
JPMorgan Chase did not respond to our request to comment for this story.
The Fear and the Danger
FS-ISAC's warning is certainly credible, Rob Enderle, principal analyst, Enderle Group, told TechNewsWorld.
"Whenever Microsoft releases an out-of-band patch, it's serious," Enderle said. "The cost of issuing one of these is incredibly high and Microsoft doesn't do this lightly."
Microsoft will issue such a patch when there's both an exploit and credible evidence that the exploit's being used, Enderle stated. "So this indicates something serious is going on and, coupled with the alert, this indicates the U.S. government believes there's something going on."
FS-ISAC was launched in 1999 in response to a presidential directive that mandated the public and private sectors share information about physical and cyber security threats and vulnerabilities to help protect the United States' critical infrastructure.
The warning from FS-ISAC might mean "that they're seeing chatter that banks might get hurt," Enderle said. "Attacks like this are an inconvenience for customers but they are serious matters for banks. If the bank is breached and customers' money is stolen, the bank's charged with replacing the money, and if it was hit because it didn't take the warning seriously, the insurance money may not cover the damage."